-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        National Cyber Alert System
   
     Technical Cyber Security Alert TA08-150A


Apple Updates for Multiple Vulnerabilities

   Original release date: May 29, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Mac OS X prior to v10.5.3
     * Mac OS X Server prior to v10.4.11

Overview

   Apple has released Security Update 2008-003 and OS X version 10.5.3 to
   correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X
   Server.  Attackers  could  exploit  these  vulnerabilities  to execute
   arbitrary  code,  gain  access  to  sensitive  information, or cause a
   denial of service.

I. Description

   Apple  Security  Update  2008-003  and  Apple  Mac OS X version 10.5.3
   address  a number of vulnerabilities affecting Apple Mac OS X and OS X
   Server  versions  prior  to  and including 10.4.11 and 10.5.2. Further
   details are available in the US-CERT Vulnerability Notes Database. The
   update  also addresses vulnerabilities in other vendors' products that
   ship with Apple OS X or OS X Server.

II. Impact

   A  remote,  unauthenticated  attacker may be able to execute arbitrary
   code.

III. Solution

Upgrade

   Install  Apple  Security  Update  2008-003  or  Apple Mac OS X version
   10.5.3.  These  and other updates are available via Software Update or
   via Apple Downloads.

IV. References

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>
     
 * About  the security content of Security Update 2008-003 / Mac OS X
   10.5.3 - <http://support.apple.com/kb/HT1897>
     
 * Mac OS X: Updating your software -
   <http://support.apple.com/kb/HT1338?viewlocale=en_US>
     
 * US-CERT  Vulnerability  Notes for Apple Security Update 2008-001 -
   <http://www.kb.cert.org/vuls/byid?searchview&query=apple_security_update_2008_003>

 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-150A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA08-150A Feedback VU#566875" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

   Revision History

   May 29 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSD8M8XIHljM+H4irAQL8gggAhPXOm6pPXxrZpjiJYHmlhwCCIclyj9vo
Yvs/cicI8vJ3vB4xkUd51/iFoze6D3mFnSxwVAgrixysdkaCxBUyWqmRumEDTXfx
403FR2yIFpSFr7+9VXXWpmq6E0aHVjrKPOArq5uysuIPOHiEbKUisT2gBXUlPrtN
RjUg/w/9/IEryPxv/nVzHMcLDde2OLyoo+tiSCOqJK/sC/VUM/d1zkdIDOfu0zom
vmqM10hDyA7VR2rgkKvSbqXOWHua0t4eHaNMP0h3N51yLmFhMHxBGj9zWXj9dpHI
DcQ9gnQKm7YocOfLC4IPV0BWuPoAkNOEAPeRapPgmJ60icjOpn/MTQ==
=QvSr
-----END PGP SIGNATURE-----