Microsoft has issued a Security Bulletin Advance Notification indicating that the August release cycle will contain nine bulletins, five of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Office, Visual Studio, ISA Server, BizTalk Server, Windows, and Client for Mac. There will also be four important bulletins for Microsoft Windows and .NET Framework. Release of these bulletins is scheduled for Tuesday, August 11.

US-CERT will provide additional information as it becomes available.

Original release date: August 06, 2009

Last revised: --

Source: US-CERT

Systems Affected

• Apple Mac OS X versions prior to and including 10.4.11 (Tiger) and 10.5.7 (Leopard)
• Apple Mac OS X Server versions prior to and including 10.4.11 (Tiger) and 10.5.7 (Leopard)

 

Overview

Apple has released Mac OS X v10.5.8 / Security Update 2009-003 to correct multiple vulnerabilities affecting components of Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

I. Description

Apple Mac OS X v10.5.8 / Security Update 2009-003 addresses a number of vulnerabilities affecting Apple Mac OS X and Mac OS X Server. These updates also address vulnerabilities in other vendors' products that ship with Apple Mac OS X or Mac OS X Server.

II. Impact

The impact of these vulnerabilities vary. Potential consequences include arbitrary code execution, sensitive information disclosure, denial of service, or privilege escalation.

III. Solution

Install Apple Mac OS X v10.5.8 / Security Update 2009-003.  These and other updates are available via Software Update or via Apple Downloads.

IV. References

• Security Update 2009-003 / Mac OS X v10.5.8 - <http://support.apple.com/kb/HT3757>
• Mac OS X: Updating your software - <https://support.apple.com/kb/HT1338?viewlocale=en_US>
• Apple Downloads - <http://support.apple.com/downloads/>

---

Feedback can be directed to US-CERT.

---

Produced 2009 by US-CERT, a government organization. Terms of use

Revision History

August 06, 2009: Initial release

Apple has released Mac OS X v10.5.8 and Security Update 2009-003 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security mechanisms, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3757 and apply any necessary updates to help mitigate the risks. Additional information can be found in US-CERT Technical Cyber Security Alert TA09-218A.

Sun has released update 15 for the Java SE JDK 6 and the Java SE JRE 6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or bypass authentication methods.

US-CERT encourages users and administrators to review the Java SE 6 Update 15 release notes and apply any necessary updates to help mitigate the risks.

Apple has released iPhone OS 3.0.1 to address a vulnerability in the CoreTelephony component. By sending a specially crafted SMS message to a user, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users review Apple article HT3754 and apply any necessary updates to help mitigate the risk.