Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > 3890 - APPLE-SA-2009-09-10-1 Mac OS X v10.6.1 Flash Player plug-in

CSIRTUK advisories

3890 - APPLE-SA-2009-09-10-1 Mac OS X v10.6.1 Flash Player plug-in

ID: 3890
Date: 11/09/2009
Title: 3890 - APPLE-SA-2009-09-10-1 Mac OS X v10.6.1 Flash Player plug-in
Hardware components affected:Apple MAC
Specific operating systems components affected: Apple Mac OS
Other software: Web Browser
Remediation Summary:Update your copy of the software with the download available from the supplier.
Vendors affected:Apple
Applications affected:Flash Player plug-in
Adversity source: Unknown
Attack Vector: Vulnerability exploitation
Virulence: Unknown
Warning Status: Unknown
Potential Damage: Remote execution/modification
Possible Duration: Unknown
Availability of fix: Available
Type of fix: Patch
Source: Apple
Reliability of source: Trusted
Source URL: http://www.adobe.com/support/security/bulletins/apsb09-10.html
CVE: CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870
Abstract: Mac OS X v10.6.1 is now available and addresses the multiple vulnerabilities in Adobe Flash Player plug-in.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-09-10-1 Mac OS X v10.6.1

Mac OS X v10.6.1 is now available and addresses the following:

Flash Player plug-in
CVE-ID:  CVE-2009-1862, CVE-2009-1863, CVE-2009-1864, CVE-2009-1865, CVE-2009-1866, CVE-2009-1867, CVE-2009-1868, CVE-2009-1869, CVE-2009-1870 Available for:  Mac OS X v10.6, Mac OS X Server v10.6
Impact:  Multiple vulnerabilities in Adobe Flash Player plug-in
Description:  Multiple issues exist in the Adobe Flash Player plug- in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.32.18. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-10.html


Mac OS X v10.6.1 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.6
The download file is named: MacOSXUpd10.6.1.dmg Its SHA-1 digest is: 2e0c303e0078a488702172d782cb1b882eef543

For Mac OS X Server v10.6
The download file is named: MacOSXServerUpd10.6.1.dmg Its SHA-1 digest is: 736474bbfc70244c1ff951621fa484ccdfcaf3c7

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)

iQEcBAEBAgAGBQJKqV+gAAoJEHkodeiKZIkBux8H/3wrRgCPvoFJrSMN4u8SqzPd
jN4HyUwhPFuU/ueL3ZngtVmNjEgkw/+mlP4ARwAcogA2f6F+U4Rx0mEXE07fd/5Z
1Ghw+3P/mf0NNEFuFGBjoLNrUIcTORT0tWIZjo/OFZK07C8YtSfmZDcnXAXSskKh
uuxGZhoXFNA29K65KoPQw7O2Pbdj7s2WSos92tWof4j+NNIq9XsryTzLi/attiwz
R9m5WJ0mUf2Bc7u4o+Ka5FEK7Hp1GtypEoi/fa46iwArAvUKJwe8bWwO9c/Kr2Po
0zJmZ+fwHYq5dtIKbNBD586U44sP7DLal9O6Big0np2CCWcOTjR6cczdYes4UhU=
=su8u
-----END PGP SIGNATURE-----

This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.

The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.

CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.

Fri, 11 Sep 2009 10:29:00 GMT
Domain affected: Technical
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |