Multiple Vulnerabilities in Apple and Adobe Products
Systems Affected
- Apple Mac OS X version 10.3.9 and earlier (Panther)
- Apple Mac OS X version 10.4.7 and earlier (Tiger)
- Apple Mac OS X Server version 10.3.9 and earlier
- Apple Mac OS X Server version 10.4.7 and earlier
- Safari web browser
- Adobe Flash Player 8.0.24 and earlier
These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.
Overview
Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update to correct multiple vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.
Description
Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products.
Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006.
Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based Apple systems. This update addresses the vulnerabilities described in Apple Security Update 2006-006 for Intel-based Apple systems.
This security update also addresses previously known vulnerabilities in Adobe Flash Player. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.
Impact
The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.
Solution
Install updates
Install Apple Security Update 2006-006. This and other updates are available via Apple Update or via Apple Downloads.
Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8 Update (Intel) to receive the necessary security updates.
References
- Vulnerability Notes for Apple Security Update 2006-006 - http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006
- About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 - http://docs.info.apple.com/article.html?artnum=304460
- Mac OS X 10.4.8 Update (Intel) - http://www.apple.com/support/downloads/macosx1048updateintel.html
- Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
- Apple Downloads - http://www.apple.com/support/downloads/
- Vulnerability Notes for Adobe Security Bulletin APSB06-11 - http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11
- Adobe Security Bulletin APSB06-11 - http://www.adobe.com/support/security/bulletins/apsb06-11.html
- Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/#Safari
Revision History
-
October 02, 2006: Initial release
This product is provided subject to this Notification and this Privacy & Use policy.