Privacy and Legal Notice

CIAC INFORMATION BULLETIN

S-247: Apple Security Update 2008-002

[307562]

March 27, 2008 21:00 GMT
PROBLEM: Several security vulnerabilities have been found in various products used with Mac Operating Systems.
PLATFORM: Mac OS X v10.4.11, v10.5.2
Mac OS X Server v10.4.11, v10.5.2
DAMAGE: Arbitrary code execution.
SOLUTION: Upgrade to the appropriate version.
VULNERABILITY
ASSESSMENT:		 The risk is HIGH. Multiple updates with the most serious could allow a remote user to gain system privilegs.
CVSS 2 BASE SCORE:
   TEMPORAL SCORE:
   VECTOR:		 8.8
6.5
(AV:N/AC:M/Au:N/C:C/I:C/A:N/E:U/RL:OF/RC:C)
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-247.shtml
  ORIGINAL BULLETIN: http://support.apple.com/kb/HT1249
  CVE: CVE-2008-0044 CVE-2008-0045 CVE-2005-3352 CVE-2006-3747 CVE-2007-3847 CVE-2007-5000 CVE-2007-6388 CVE-2007-5000 CVE-2007-6203 CVE-2007-6388 CVE-2007-6421 CVE-2008-0005 CVE-2006-5752 CVE-2008-0048 CVE-2008-0049 CVE-2008-0057 CVE-2008-0997 CVE-2008-0046 CVE-2008-0050 CVE-2007-3725 CVE-2007-4510 CVE-2007-4560 CVE-2007-5759 CVE-2007-6335 CVE-2007-6336 CVE-2007-6337 CVE-2008-0318 CVE-2008-0728 CVE-2006-6481 CVE-2007-1745 CVE-2007-1997 CVE-2007-3725 CVE-2007-4510 CVE-2007-4560 CVE-2007-0897 CVE-2007-0898 CVE-2008-0318 CVE-2008-0728 CVE-2008-0051 CVE-2008-0052 CVE-2008-0596 CVE-2008-0047 CVE-2008-0053 CVE-2008-0882 CVE-2005-4077 CVE-2007-6109 CVE-2007-5795 CVE-2007-2799 CVE-2008-0054 CVE-2008-0055 CVE-2008-0056 CVE-2008-0058 CVE-2008-0059 CVE-2008-0060 CVE-2008-0987 CVE-2007-5901 CVE-2007-5971 CVE-2008-0062 CVE-2008-0063 CVE-2008-0988 CVE-2008-0989 CVE-2008-0990 CVE-2007-4752 CVE-2008-0992 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 CVE-2007-4768 CVE-2007-4887 CVE-2007-3378 CVE-2007-3799 CVE-2008-0993 CVE-2008-0994 CVE-2008-0995 CVE-2008-0996 CVE-2008-0998 CVE-2008-0999 CVE-2008-1000 CVE-2007-4568 CVE-2007-4990 CVE-2006-3334 CVE-2006-5793 CVE-2007-2445 CVE-2007-5266 CVE-2007-5267 CVE-2007-5268 CVE-2007-5269 CVE-2007-5958 CVE-2008-0006 CVE-2007-6427 CVE-2007-6428 CVE-2007-6429 
[***** Start 307562 *****]

   Please visit Apple's Web site to view their Security Update 2008-002:
        http://docs.info.apple.com/article.html?artnum=307562


[***** End 307562 *****]
CIAC wishes to acknowledge the contributions of Apple for the information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC can be contacted at: 
    Voice:          +1 925-422-8193 (7 x 24)
    FAX:            +1 925-423-8002
    STU-III:        +1 925-423-2604
    E-mail:          ciac@ciac.org
    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org
This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes.
UCRL-MI-119788
[Privacy and Legal Notice]