Status Tracking Note TRTA08-350A

Apple Updates for Multiple Vulnerabilities

Apple has released Security Update 2008-008 and Mac OS X version 10.5.6 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.

Event Information

Date (UTC)	Description
2008-12-15 22:18	US-CERT TA08-350A: Apple Updates for Multiple Vulnerabilities Via US-CERT Mailing List
2008-12-15 18:25	SANS Internet Storm Center Apple Releases OSX 10.5.6/Security update 2008-008 Apple's released an update for OSX, you can now download 10.5.6 through the Software Update app.
2008-12-15 08:17	US-CERT Apple Releases Security Updates for Multiple Vulnerabilities US-CERT Current Activity Apple has released Security Update 2008-008 and Mac OS X v10.5.6 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, or information disclosure.
2008-12-15	Apple Apple knowledgebase article HT3338: About the security content of Security Update 2008-008 / Mac OS X v10.5.6 This document describes the security content of Security Update 2008-008 / Mac OS X v10.5.6, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Reference

Apple Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
CVE-2008-1391
CVE-2008-3170
CVE-2008-3623
CVE-2008-4217
CVE-2008-4218
CVE-2008-4219
CVE-2008-4220
CVE-2008-4221
CVE-2008-4222
CVE-2008-4223
CVE-2008-4224
CVE-2008-4234
CVE-2008-4236
CVE-2008-4237
CVE-2008-4818
CVE-2008-4819
CVE-2008-4820
CVE-2008-4821
CVE-2008-4822
CVE-2008-4823
CVE-2008-4824


Date first published (UTC):	2008-12-16T21:30+00:00
Date last updated (UTC):	2008-12-16T21:30+00:00