-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System

                  Technical Cyber Security Alert TA06-275A


Multiple Vulnerabilities in Apple and Adobe Products

   Original release date: October 02, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X version 10.3.9 and earlier (Panther)
     * Apple Mac OS X version 10.4.7 and earlier (Tiger)
     * Apple Mac OS X Server version 10.3.9 and earlier
     * Apple Mac OS X Server version 10.4.7 and earlier
     * Safari web browser
     * Adobe Flash Player 8.0.24 and earlier

   These vulnerabilities affect both Intel-based and PowerPC-based Apple
   systems.


Overview

   Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update
   to correct multiple vulnerabilities affecting Mac OS X, OS X Server,
   Safari, Adobe Flash Player, and other products. The most serious of
   these vulnerabilities may allow a remote attacker to execute arbitrary
   code. Impacts of other vulnerabilities include bypass of security
   restrictions and denial of service.


I. Description

   Apple has released Security Update 2006-006 to address numerous
   vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash
   Player, and other products.

   Further details are available in the individual Vulnerability Notes
   for Apple Security Update 2006-006.

   Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based
   Apple systems. This update addresses the vulnerabilities described in
   Apple Security Update 2006-006 for Intel-based Apple systems.

   This security update also addresses previously known vulnerabilities
   in Adobe Flash Player. More information on those vulnerabilities can
   be found in Adobe Security Bulletin APSB06-11 and the Vulnerability
   Notes for Adobe Security Bulletin APSB06-11.

II. Impact

   The impacts of these vulnerabilities vary. For information about
   specific impacts, please see the Vulnerability Notes for Apple
   Security Update 2006-006. Potential consequences include remote
   execution of arbitrary code or commands, bypass of security
   restrictions, and denial of service.


III. Solution

Install updates

   Install Apple Security Update 2006-006. This and other updates are
   available via Apple Update or via Apple Downloads.

   Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8
   Update (Intel) to receive the necessary security updates.


IV. References

     * Vulnerability Notes for Apple Security Update 2006-006 -
       <http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006>

     * About the security content of the Mac OS X 10.4.8 Update and
       Security Update 2006-006 -
       <http://docs.info.apple.com/article.html?artnum=304460>

     * Mac OS X 10.4.8 Update (Intel) -
       <http://www.apple.com/support/downloads/macosx1048updateintel.html>

     * Mac OS X: Updating your software -
       <http://docs.info.apple.com/article.html?artnum=106704>

     * Apple Downloads - <http://www.apple.com/support/downloads/>

     * Vulnerability Notes for Adobe Security Bulletin APSB06-11 -
       <http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11>

     * Adobe Security Bulletin APSB06-11 -
       <http://www.adobe.com/support/security/bulletins/apsb06-11.html>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/#Safari>

 _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA06-275A.html>
 _________________________________________________________________
 
 Feedback can be directed to US-CERT Technical Staff. Please send
 email to <cert@cert.org> with "TA06-275A Feedback VU#546772" in the
 subject.
 _________________________________________________________________

 Produced 2006 by US-CERT, a government organization.

 Terms of use:

   <http://www.us-cert.gov/legal.html>

 _________________________________________________________________

   Revision History

   October 02, 2006: Initial release
  

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRSFT/exOF3G+ig+rAQIF0gf+KI8EWp1iNaVOYe2YgcRRMF27K8VFz5Rn
Y81SRMZk4M1m9/4/7oJG7obEiGr4LqD/EjxT23ctuQ4KBKysokv7F+FrLwMHbRGY
my6x7mmLy+JEydQrMFk8u/2ZdVZjvxnhBUmH9nuwgjhqaJ0Ez1GAbmkmJ/TV5pbY
gOWOu5oe2zpkf3fpLRWY+XxctHukgl8SlN0ucyRSRPlWmO7rR8di/rujWMRRAlep
fEkTeq6Z5X4Ep6lwxoWX5z+a5oPz4tLHMIbjGZlV3FGa7ii6GTBWmQSN42yTW9tZ
ELoLtXeHgiSy27n7G6VMOIzKEu7V8mHt3L3ZFrF+O/Xx5KBb/b/xQg==
=nP7Y
-----END PGP SIGNATURE-----