Apple Updates for Multiple Vulnerabilities (TA09-133A)
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/JVNTR-2009-12.html
JVNRSS based Status Tracking Notes: Apple has released multiple Security Updates, 2009-002 / Mac OS X version 10.5.7 and Safari 3.2.3, to correct multiple vulnerabilities affecting Apple Mac OS X , Mac OS X Server, and the Safari web browser. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.JVNRSS Feasibility Study Teamjvn@jvn.jpJVNTR-2009-122009-05-17T06:28+00:002009-05-17T06:28+00:002009-05-17T06:28+00:00Apple Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Via US-CERT Mailing List
US-CERTTA09-133Ahttp://www.us-cert.gov/cas/techalerts/TA09-133A.html2009-05-13T15:23-04:002009-05-13T15:23-04:002009-05-13T15:23-04:00Apple Releases Security Update 2009-002, Mac OS X v10.5.7 and Safari 3.2.3
http://www.us-cert.gov/current/archive/2009/05/13/archive.html#apple_releases_security_update_2009
US-CERT Current Activity
Apple has released Security Update 2009-002 and Mac OS X v10.5.7 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, leverage additional attacks, or obtain elevated privileges.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA09-133A.html2009-05-13T09:12-04:002009-05-13T09:12-04:002009-05-13T09:12-04:00Apple patches and updates
http://isc.sans.org/diary.html?storyid=6382
Apple released patches today: Apple OS X 10.5.7 update / Security update 2009-002, Safari 4 beta, Safari 3.2.3
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA09-133A.htmlhttp://support.apple.com/kb/HT3549http://support.apple.com/kb/HT3397http://support.apple.com/kb/HT3551http://support.apple.com/kb/HT35502009-05-12T23:07+00:002009-05-12T23:07+00:002009-05-12T23:07+00:00About the security content of Security Update 2009-002 / Mac OS X v10.5.7
http://support.apple.com/kb/HT3549
This document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
AppleApple knowledgebase article HT3549http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1184http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1185http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1186http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1517http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3530http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3863http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4309http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0010http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0114http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0144http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0145http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0148http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0149http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0150http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0152http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0154http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0155http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0156http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0157http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0158http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0160http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0161http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0162http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0164http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0165http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0519http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0520http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0942http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0943http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0944http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-09462009-05-122009-05-122009-05-12Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797
Index validation vulnerability (CVE-2008-1517)
Vulnerability Reported
The Mac OS X xnu (Mach) kernel implements workqueues. This allows the kernel to schedule events to take place in a task. An input validation error exists within this implementation, which can lead to execution of arbitrary code in the kernel.
iDefensehttp://www.us-cert.gov/cas/techalerts/TA09-133A.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-15172008-03-192008-03-192008-03-19