Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > October 2006 > Technical Cyber Security Alert: TA06-275A - Multiple Vulnerabilities in Apple and Adobe Products

October 2006

Technical Cyber Security Alert: TA06-275A - Multiple Vulnerabilities in Apple and Adobe Products

ID: 00682
Ref: 654/2006
Date: 03 October 2006:14:46:16
Version: 1
Title: Technical Cyber Security Alert: TA06-275A - Multiple Vulnerabilities in Apple and Adobe Products
Abstract: Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products.
Vendors affected: US-Cert
Operating systems affected: US-Cert
Applications affected: US-Cert
Title
=====

Technical Cyber Security Alert: TA06-275A - Multiple Vulnerabilities in Apple and
Adobe Products

Detail
======

Apple has released Security Update 2006-006 to address numerous
vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
Player, and other products.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA06-275A


Multiple Vulnerabilities in Apple and Adobe Products

Original release date: October 02, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Apple Mac OS X version 10.3.9 and earlier (Panther)
* Apple Mac OS X version 10.4.7 and earlier (Tiger)
* Apple Mac OS X Server version 10.3.9 and earlier
* Apple Mac OS X Server version 10.4.7 and earlier
* Safari web browser
* Adobe Flash Player 8.0.24 and earlier

These vulnerabilities affect both Intel-based and PowerPC-based Apple
systems.


Overview

Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update
to correct multiple vulnerabilities affecting Mac OS X, OS X Server,
Safari, Adobe Flash Player, and other products. The most serious of
these vulnerabilities may allow a remote attacker to execute arbitrary
code. Impacts of other vulnerabilities include bypass of security
restrictions and denial of service.


I. Description

Apple has released Security Update 2006-006 to address numerous
vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
Player, and other products.

Further details are available in the individual Vulnerability Notes
for Apple Security Update 2006-006.

Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based
Apple systems. This update addresses the vulnerabilities described in
Apple Security Update 2006-006 for Intel-based Apple systems.

This security update also addresses previously known vulnerabilities
in Adobe Flash Player. More information on those vulnerabilities can
be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
Notes for Adobe Security Bulletin APSB06-11.

II. Impact

The impacts of these vulnerabilities vary. For information about
specific impacts, please see the Vulnerability Notes for Apple
Security Update 2006-006. Potential consequences include remote
execution of arbitrary code or commands, bypass of security
restrictions, and denial of service.


III. Solution

Install updates

Install Apple Security Update 2006-006. This and other updates are
available via Apple Update or via Apple Downloads.

Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8
Update (Intel) to receive the necessary security updates.


IV. References

* Vulnerability Notes for Apple Security Update 2006-006 -


* About the security content of the Mac OS X 10.4.8 Update and
Security Update 2006-006 -


* Mac OS X 10.4.8 Update (Intel) -


* Mac OS X: Updating your software -


* Apple Downloads -

* Vulnerability Notes for Adobe Security Bulletin APSB06-11 -


* Adobe Security Bulletin APSB06-11 -


* Securing Your Web Browser -


_________________________________________________________________

The most recent version of this document can be found at:


_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "TA06-275A Feedback VU#546772" in the
subject.
_________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:



_________________________________________________________________

Revision History

October 02, 2006: Initial release


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn
Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY
my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY
gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep
fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ
ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==
=nP7Y
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |