From alerts@us-cert.gov Fri Mar  3 15:18:30 2006
From: US-CERT Alerts <alerts@us-cert.gov>
To: alerts@us-cert.gov
Date: Fri, 3 Mar 2006 15:07:52 -0500
Subject: US-CERT Cyber Security Alert SA06-062A -- Apple Mac Products are Affected by Multiple Vulnerabilities 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



                        National Cyber Alert System

                      Cyber Security Alert SA06-062A


Apple Mac Products are Affected by Multiple Vulnerabilities

   Original release date: March 3, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger)
     * Apple Safari web browser
     * Apple Mac OS X Server version 10.3.9 and version 10.4.5

   Previous versions of Mac OS X may also be affected.


Overview

     Mac OS X, Safari web browser, and other products are affected by
     multiple vulnerabilites. Apple has released Security Update
     2006-001 to address these vulnerabilities, the most serious of
     which may allow a remote attacker to place and run malicious code
     on your computer.


Solution

Install the Update

     Install the update through Apple Update. In addition, you can
     install the update as described in Apple Security Update 2006-001.


Description

     Mac OS X, Safari web browser and other products are affected by
     multiple vulnerabilities. Some of these vulnerabilities could allow
     an attacker to run malicious programs on your computer.

     For more technical information, see US-CERT Technical Alert
     TA06-062A.


References

     * Apple Security Update 2006-001 -
       <http://docs.info.apple.com/article.html?artnum=303382>

     * Mac OS X: Updating your software -
       <http://docs.info.apple.com/article.html?artnum=106704>

     * US-CERT Technical Cyber Security Alert TA06-053A -
       <http://www.us-cert.gov/cas/techalerts/TA06-062A.html>

     * US-CERT Vulnerability Note VU#999708 -
       <http://www.kb.cert.org/vuls/id/999708>

     * US-CERT Vulnerability Note VU#351217 -
       <http://www.kb.cert.org/vuls/id/351217>

     * US-CERT Vulnerability Note VU#176732 -
       <http://www.kb.cert.org/vuls/id/176732>

     * US-CERT Technical Cyber Security Alert TA06-053A -
       <http://www.us-cert.gov/cas/techalerts/TA06-053A.html>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/#Safari>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA06-062A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "SA06-062A Feedback VU#351217" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   Mar 3, 2006: Initial release


    

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRAiaEn0pj593lg50AQIdZwf+NhqPqXzs8ZgbCbMNBrASQ4IhvnaVMJfC
F1oTPbHv2Z6l9owkC2gwc2xbziMT5RGJ+eusJz1IUUZoAQajqYE/8qRfdKavzx93
V8j/ypubogct1zTDhXBbIUCPd7MeSmVJ60NGRne03OG/J2QVqflC7Q6wyv5eezpf
cWlWQvQVc0BuXwGUpMNu2Rovf72LbRvQr45ATgVPPEX7h7R2apQE0fn1/g5KTKeN
JLORXEBotWcfepQuq2OFikZ2YwctB23eDA8mZGAKMktDW6HS89ISEfTIMBS5WxgJ
0N7VbCSBN51GykenhnDw/jWiOGjAjups1eVHitW4UHYxMWePsdkaxQ==
=8WrJ
-----END PGP SIGNATURE-----