US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-352A

Apple Updates for Multiple Vulnerabilities

Original release date: December 18, 2007
Last revised: --
Source: US-CERT

Systems Affected

* Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1
* Apple Mac OS X Server versions prior to and including 10.4.11 and
10.5.1

These vulnerabilities affect both Intel and PowerPC platforms.

Overview

Apple has released Security Update 2007-009 to correct multiple
vulnerabilities affecting Apple Mac OS X and Mac OS X Server.
Attackers could exploit these vulnerabilities to execute arbitrary
code, gain access to sensitive information, surreptitiously initiate a
video conference, or cause a denial of service.

I. Description

Apple Security Update 2007-009 addresses a number of vulnerabilities
affecting Apple Mac OS X and OS X Server versions 10.4.11 and 10.5.1.
Further details are available in the related vulnerability notes.

The update addresses vulnerabilities in other vendors' products that
ship with Apple OS X or OS X Server. These products include:
* Adobe Flash
* Adobe Shockwave
* GNU Tar

II. Impact

The impacts of these vulnerabilities vary. Potential consequences
include arbitrary code execution, sensitive information disclosure,
surreptitious video conference initiation, and denial of service.

III. Solution

Install updates from Apple

Install Apple Security Update 2007-009. This and other updates are
available via Software Update or via Apple Downloads.

IV. References

* Vulnerability notes for Apple Security Update 2007-009 -
<http://www.kb.cert.org/vuls/byid?searchview&query=apple-2007-009>

* About Security Update 2007-009 -
<http://docs.info.apple.com/article.html?artnum=307179>

* Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>

* Apple - Support - Downloads - <http://www.apple.com/support/downloads/>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-352A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-352A Feedback VU#905292" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

December 18, 2007: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR2hR0fRFkHkM87XOAQL7Egf+NvQEwnN2IGDdDwMEb9C2RDw58FXq0EMZ
7SRO8qbrM0c+G3apLFlmCCivWpGHqms2hzrSeon/Ym1YstHQOQeoJANmsHA3SyKz
Wx8TIG10jEiAgytMuyrYjf0w3alXBEsDgXcu8FRc5Z4dg7osMPe7Lco7vVfMvoZG
IpEEQu98zxh2p+Vhf1XKr9UfUnkD4O88rRAs+M1oDZd46GH+JvkYLgLCmkMSwIcs
Vi4M7J+KHUBBkaMZYjnp+YqRwNDq9sGskVEOVDMk9OXw7VhAR7Kf8/zo9Tt1h3P0
h9JeMBHHb0M0MEtYHx/7JxpleXS3LtyiL0kDb9cbMjxU0kKK9SKb/Q==
=Y1jd
-----END PGP SIGNATURE-----

California Fire News

World News - Australia - State Coroner accuses Fire department of FUBAR Posted: 17 Dec 2007 10:28 PM CST Coroner slams CFS over fatal bushfires The Country Fire Service (CFS) failed to take adequate measures to minimize the impact of the Eyre Peninsula bush fires that killed nine people, a South Australian coroner has found. Deputy state coroner Anthony Schapel on Tuesday handed down his findings after a long-running inquiry into the January, 2005 bushfires that burnt about 80,000 hectares of land on the lower Eyre Peninsula and caused more than $100 million in damage. Mr Schapel was critical of the CFS handling of the fires and said many public warnings were mistimed and not particularly appropriate for the locations at which they were directed. He said communications between CFS staff in Port Lincoln and the state headquarters in Adelaide were inadequate at the beginning of the fires and not enough pre-emptive steps were taken to battle the blaze including backburning and fire breaks. "The fact of the matter was that no adequate measures were put in place or attempted which meant that opportunities to alter the outcome were not taken," Mr Schapel said at the Port Lincoln racecourse. "Because the risks to the public was never properly addressed or appreciated, none of those measures were ever adequately considered. "For the same reason no adequate warning was given." Mr Schapel said the CFS had since improved its fire warning system and communication strategies. The deputy Coroner confirmed the fire was started by sparks coming from a faulty exhaust on a car driven over dry vegetation at Wangary

News: Esperanza Fire - Trial rescheduled to April Posted: 17 Dec 2007 12:02 PM CST Trial for Esperanza Fire defendant rescheduled to April 08:22 PM PST on Friday, December 14, 2007 By SONJA BJELLAND The Press-Enterprise A Superior Court judge has ordered that the next hearing in one of Riverside County's most significant murder cases be closed to the public. Raymond Lee Oyler returns to court next month to face murder and arson charges in the deaths of five U.S. Forest Service firefighters during the October 2006 Esperanza Fire. The attorneys involved are not allowed to say what the Jan. 25 hearing is about or why it has been closed. Judge Jeffrey Prevost said in court that the hearing could "cause prejudice" if it was open to the public. The defense and prosecution met with Prevost in chambers before a hearing Friday. Prevost also ordered the transcript of that discussion sealed. At Friday's hearing, Prevost postponed Oyler's jury trial, rescheduling it for April 14. On Oct. 26, 2006, fire overran the Engine 57 crew of Capt. Mark Loutzenhiser, of Idyllwild; Jess McLean, of Beaumont; Jason McKay, of Phelan; Daniel Hoover-Najera, of San Jacinto; and Pablo Cerda, of Fountain Valley. They were trying to protect a vacant octagonal home in Twin Pines from a wildfire. A federal report later concluded that the crew and the U.S. Forest Service committed six serious violations that compromised firefighter safety during the blaze. Oyler also faces 23 counts of arson and 17 counts of setting fires with an incendiary device. He has pleaded not guilty and remains in custody. The district attorney's office is seeking the death penalty.

You are subscribed to email updates from California Fire News - Structure, Wildland, EMS To stop receiving these emails, you may unsubscribe now.	Email Delivery powered by FeedBurner
Inbox too full? Subscribe to the feed version of California Fire News - Structure, Wildland, EMS in a feed reader.
If you prefer to unsubscribe via postal mail, write to: California Fire News - Structure, Wildland, EMS, c/o FeedBurner, 20 W Kinzie, 9th Floor, Chicago IL USA 60610