Apple updates to 10.4.8 and Security Update 2006-006
Looks like it's time to click on the Apple in the top left of your screen, followed by "Software Update..." (or however you choose to update).
Lots of Updates today for Apple:
The entire iLife Suite gets an update.
Plus OS X goes from 10.4.7 to 10.4.8, and Security Update 2006-006 is bundled in too. Let's take a look at what's in the update:
The 10.4.8 Update is recommended for all users and includes general operating system fixes, as well as specific fixes for the following applications and technologies:
- connecting to wireless networks using the EAP-FAST protocol
- Apple USB modem reliability
- using OpenType fonts in Microsoft Word
- compatibility with 3rd party USB hubs
- scanner performance
- RAW camera support
- printing documents with Asian language names
- performance of the Translation widget
- broadband network performance
Security Update 2006-006 says:
CFNetwork
CVE-ID: CVE-2006-4390
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: CFNetwork clients such as Safari may allow unauthenticated SSL sites to appear as authenticated
Flash Player
CVE-ID: CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Playing Flash content may lead to arbitrary code execution
ImageIO
CVE-ID: CVE-2006-4391
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Viewing a maliciously-crafted JPEG2000 image may lead to an application crash or arbitrary code execution
Kernel
CVE-ID: CVE-2006-4392
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Local users may be able to run arbitrary code with raised privileges
LoginWindow
CVE-ID: CVE-2006-4397
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: After an unsuccessful attempt to log in to a network account, Kerberos tickets may be accessible to other local users
CVE-ID: CVE-2006-4393
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Kerberos tickets may be accessible to other local users if Fast User Switching is enabled
CVE-ID: CVE-2006-4394
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Network accounts may be able to bypass loginwindow service access controls
Preferences
CVE-ID: CVE-2006-4387
Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: After removing an account's Admin privileges, the account may still manage WebObjects applications
QuickDraw Manager
CVE-ID: CVE-2006-4395
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Opening a malicious PICT image with certain applications may lead to an application crash or arbitrary code execution
SASL
CVE-ID: CVE-2006-1721
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Remote attackers may be able to cause an IMAP server denial of service
WebCore
CVE-ID: CVE-2006-3946
Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Viewing a maliciously-crafted web page may lead to arbitrary code execution
Workgroup Manager
CVE-ID: CVE-2006-4399
Available for: Mac OS X Server v10.4 through Mac OS X Server v10.4.7
Impact: Accounts in a NetInfo parent that appear to use ShadowHash passwords may still use crypt
Updates we are still waiting on from Apple:
php
SSL
SSH
Read all about the update here.