Apple Mac Products are Affected by Multiple Vulnerabilities

Systems Affected

• Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger)
• Apple Safari web browser
• Apple Mac OS X Server version 10.3.9 and version 10.4.5

Overview

Mac OS X, Safari web browser, and other products are affected by multiple vulnerabilites. Apple has released Security Update 2006-001 to address these vulnerabilities, the most serious of which may allow a remote attacker to place and run malicious code on your computer.

Solution

Install an Update

Install Apple Security Update 2006-001 through Apple Update.

Disable "Open 'safe' files after downloading"

For additional protection, disable the option to "Open 'safe' files after downloading," as specified in "Securing Your Web Browser."

Description

Mac OS X, Safari web browser and other products are affected by multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to run malicious programs on your computer.

For more technical information, see US-CERT Technical Alert TA06-062A.

References

• US-CERT Technical Cyber Security Alert TA06-062A - <http://www.us-cert.gov/cas/techalerts/TA06-062A.html>
• US-CERT Vulnerability Note VU#999708 - <http://www.kb.cert.org/vuls/id/999708>
• US-CERT Vulnerability Note VU#351217 - <http://www.kb.cert.org/vuls/id/351217>
• US-CERT Vulnerability Note VU#176732 - <http://www.kb.cert.org/vuls/id/176732>
• US-CERT Technical Cyber Security Alert TA06-053A - <http://www.us-cert.gov/cas/techalerts/TA06-053A.html>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari>
• Apple Security Update 2006-001 - <http://docs.info.apple.com/article.html?artnum=303382>
• Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

March 3, 2006: Initial release, updated solution, fixed reference to TA06-062A