US-CERT Technical Cyber Security Alert TA06-275A -- Multiple Vulnerabilities in Apple and Adobe Products

National Cyber Alert System

Technical Cyber Security Alert TA06-275A

Multiple Vulnerabilities in Apple and Adobe Products

Original release date: October 02, 2006
Last revised: --
Source: US-CERT

Systems Affected

Apple Mac OS X version 10.3.9 and earlier (Panther)
Apple Mac OS X version 10.4.7 and earlier (Tiger)
Apple Mac OS X Server version 10.3.9 and earlier
Apple Mac OS X Server version 10.4.7 and earlier
Safari web browser
Adobe Flash Player 8.0.24 and earlier

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

Overview

Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update to correct multiple vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.

I. Description

Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products.

Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006.

Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based Apple systems. This update addresses the vulnerabilities described in Apple Security Update 2006-006 for Intel-based Apple systems.

This security update also addresses previously known vulnerabilities in Adobe Flash Player. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.

II. Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

III. Solution

Install updates

Install Apple Security Update 2006-006. This and other updates are available via Apple Update or via Apple Downloads.

Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8 Update (Intel) to receive the necessary security updates.

IV. References

Vulnerability Notes for Apple Security Update 2006-006 - <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006>

About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 - <http://docs.info.apple.com/article.html?artnum=304460>

Mac OS X 10.4.8 Update (Intel) - <http://www.apple.com/support/downloads/macosx1048updateintel.html>

Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>

Apple Downloads - <http://www.apple.com/support/downloads/>

Vulnerability Notes for Adobe Security Bulletin APSB06-11 - <http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11>

Adobe Security Bulletin APSB06-11 - <http://www.adobe.com/support/security/bulletins/apsb06-11.html>

Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

October 02, 2006: Initial release

Last updated October 02, 2006

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory