Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

Multiple Vulnerabilities in Apple and Adobe Products

Last Revised
Alert Code
TA06-275A

Systems Affected

 
  • Apple Mac OS X version 10.3.9 and earlier (Panther)
  • Apple Mac OS X version 10.4.7 and earlier (Tiger)
  • Apple Mac OS X Server version 10.3.9 and earlier
  • Apple Mac OS X Server version 10.4.7 and earlier
  • Safari web browser
  • Adobe Flash Player 8.0.24 and earlier

These vulnerabilities affect both Intel-based and PowerPC-based Apple systems.

 

Overview

 

Apple has released Security Update 2006-006 and Mac OS X 10.4.8 Update to correct multiple vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypass of security restrictions and denial of service.

 

Description

 

Apple has released Security Update 2006-006 to address numerous vulnerabilities affecting Mac OS X, OS X Server, Safari, Adobe Flash Player, and other products.

Further details are available in the individual Vulnerability Notes for Apple Security Update 2006-006.

Apple has also released Mac OS X 10.4.8 Update (Intel) for Intel-based Apple systems. This update addresses the vulnerabilities described in Apple Security Update 2006-006 for Intel-based Apple systems.

This security update also addresses previously known vulnerabilities in Adobe Flash Player. More information on those vulnerabilities can be found in Adobe Security Bulletin APSB06-11 and the Vulnerability Notes for Adobe Security Bulletin APSB06-11.

Impact

The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes for Apple Security Update 2006-006. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

Solution

Install updates

Install Apple Security Update 2006-006. This and other updates are available via Apple Update or via Apple Downloads.

Users with Intel-based Apple systems should upgrade to Mac OS X 10.4.8 Update (Intel) to receive the necessary security updates.


 

References

  • Vulnerability Notes for Apple Security Update 2006-006 - http://www.kb.cert.org/vuls/byid?searchview&query=apple-2006-006
  • About the security content of the Mac OS X 10.4.8 Update and Security Update 2006-006 - http://docs.info.apple.com/article.html?artnum=304460
  • Mac OS X 10.4.8 Update (Intel) - http://www.apple.com/support/downloads/macosx1048updateintel.html
  • Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
  • Apple Downloads - http://www.apple.com/support/downloads/
  • Vulnerability Notes for Adobe Security Bulletin APSB06-11 - http://www.kb.cert.org/vuls/byid?searchview&query=apsb06-11
  • Adobe Security Bulletin APSB06-11 - http://www.adobe.com/support/security/bulletins/apsb06-11.html
  • Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/#Safari


Revision History

  • October 02, 2006: Initial release
     

     

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.