Alert

Multiple Vulnerabilities in Apple and Adobe Products

Last Revised
Alert Code
TA06-275A

Systems Affected

 
  • Apple Mac OS X version 10.3.9 and earlier (Panther)
  • Apple Mac OS X version 10.4.7 and earlier (Tiger)
  • Apple Mac OS X Server version 10.3.9 and earlier
  • Apple Mac OS X Server version 10.4.7 and earlier
  • Safari web browser
  • Adobe Flash Player 8.0.24 and earlier

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

 

Overview

 

Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update to correct multiple vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.

 

Description

 

Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products.

Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006.

Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based Apple systems. This update addresses the vulnerabilities described in Apple Security Update 2006-006 for Intel-based Apple systems.

This security update also addresses previously known vulnerabilities in Adobe Flash Player. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.

Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

Solution

Install updates

Install Apple Security Update 2006-006. This and other updates are available via Apple Update or via Apple Downloads.

Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8 Update (Intel) to receive the necessary security updates.


 

References

  • Vulnerability Notes for Apple Security Update 2006-006 - http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006
  • About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 - http://docs.info.apple.com/article.html?artnum=304460
  • Mac OS X 10.4.8 Update (Intel) - http://www.apple.com/support/downloads/macosx1048updateintel.html
  • Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
  • Apple Downloads - http://www.apple.com/support/downloads/
  • Vulnerability Notes for Adobe Security Bulletin APSB06-11 - http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11
  • Adobe Security Bulletin APSB06-11 - http://www.adobe.com/support/security/bulletins/apsb06-11.html
  • Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/#Safari


Revision History

  • October 02, 2006: Initial release
     

     

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.