Status Tracking Note TRTA08-260A

Apple Updates for Multiple Vulnerabilities

Overview

Apple has released Security Update 2008-006 and Mac OS X version 10.5.5 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

Event Information


Date (UTC)    Description
2008-09-16 19:53 US-CERT
TA08-260A: Apple Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-09-16 13:28 SANS Internet Storm Center
Apple Updates you may have missed in the past week (Version: 2)
2008-09-16 12:02 US-CERT
Apple Releases Security Updates for Multiple Vulnerabilities
US-CERT Current Activity
Apple has released Security Update 2008-006 and Mac OS X v10.5.5 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, denial of service, privilege escalation, or DNS cache poisoning.
2008-09-16 00:43 SANS Internet Storm Center
MacOSX 10.5.5 and Security Update (Version: 3)
Apple released OSX update 10.5.5.
2008-09-15 Apple
Apple knowledgebase article HT3137: About the security content of Mac OS X v10.5.5 and Security Update 2008-006
This document describes the security content of Mac OS X v10.5.5 and Security Update 2008-006.
2008-09-12 Apple
Apple knowledgebase article HT3129: About the security content of iPhone v2.1
This document describes the security content of iPhone v2.1.
2008-09-12 Apple
Apple knowledgebase article HT3026: About the security content of iPod touch v2.1
This document describes the security content of iPod touch v2.1.
2008-09-10 13:11 US-CERT
Apple Releases Security Updates
US-CERT Current Activity
Apple has released four security updates to address multiple vulnerabilities in iTunes, QuickTime, iPod touch, and Bonjour for Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, access the system with escalated privileges, or obtain sensitive information.
2008-09-10 04:15 SANS Internet Storm Center
Apple updates iPod Touch + Bonjour for Windows
iPod Touch and Bonjour for Windows got updated.
2008-09-09 20:28 SANS Internet Storm Center
Apple updates iTunes+QuickTime
iTunes and QuickTime got updated.
2008-09-09 Apple
Apple knowledgebase article HT2990: About the security content of Bonjour for Windows 1.0.5
This document describes the security content of Bonjour for Windows 1.0.5.
2008-09-09 Apple
Apple knowledgebase article HT3025: About the security content of iTunes 8.0
This document describes the security content of iTunes 8.0.
2008-09-09 Apple
Apple knowledgebase article HT3027: About the security content of QuickTime 7.5.5
This document describes the security content of QuickTime 7.5.5.
2008-08-19 Zero Day Initiative (ZDI)
ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
CVE-2008-3635
Vulnerability Reported
2008-06-25 Zero Day Initiative (ZDI)
ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability
CVE-2008-3625
Vulnerability Reported
2008-05-19 Zero Day Initiative (ZDI)
ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability
CVE-2008-3627
Vulnerability Reported
2008-05-15 Zero Day Initiative (ZDI)
ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability
CVE-2008-3627
Vulnerability Reported
2008-05-15 Zero Day Initiative (ZDI)
ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability
CVE-2008-3625
Vulnerability Reported
2008-05-13 Zero Day Initiative (ZDI)
ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability
CVE-2008-3627
Vulnerability Reported
2007-05-13 iDefense
Apple QuickTime PICT Integer Overflow Vulnerability
CVE-2008-3614
Vulnerability Reported
QuickTime is vulnerable to an integer overflow vulnerability when handling malformed PICT files. This issue results in heap corruption which can lead to arbitrary code execution.

Reference

Date first published (UTC): 2008-09-26T06:36+00:00
Date last updated (UTC): 2008-09-26T06:36+00:00