Descrizione del problema
Apple ha rilasciato il Security Update 2008-006 per correggere
varie vulnerabilta’ che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
: Descrizione del problema
Apple ha rilasciato il Security Update 2008–006 per correggere
varie vulnerabilta’ che affliggono il sistema operativo Mac OS X
ed alcune applicazioni distribuite insieme al sistema stesso.
:: Software interessato
Apple Mac OS X version 10.4.11 e precedenti
Apple Mac OS X Server version 10.4.11 e precedenti
Apple Mac OS X dalla versione 10.5 alla 10.5.4
Apple Mac OS X Server dalla versione 10.5 alla 10.5.4
L’aggiornamento riguarda sia i sistemi Intel-based
sia quelli PowerPC-based.
:: Impatto
Security Bypass
Cross Site Scripting
Spoofing
Manipolazione di dati
Esposizione di dati sensibili
Esposizione di informazioni sul sistema
Denial of Service
System access
:: Soluzione
Applicare il Security Update 2008–006 attraverso lo strumento
‘Software Update’ o scaricandolo da Apple Downloads:
Apple Security Update 2008–006 Client (Intel) :
http://www.apple.com/support/downloads/securityupdate2008006clientintel.html
Apple Security Update 2008–006 Client (PPC) :
http://www.apple.com/support/downloads/securityupdate2008006clientppc.html
Apple Security Update 2008–006 Server (PPC) :
http://www.apple.com/support/downloads/securityupdate2008006serverppc.html
Apple Security Update 2008–006 Server (Universal) :
http://www.apple.com/support/downloads/securityupdate2008006serveruniversal.html
Apple Mac OS X 10.5.5 Combo Update :
http://www.apple.com/support/downloads/macosx1055comboupdate.html
Apple Mac OS X 10.5.5 Update :
http://www.apple.com/support/downloads/macosx1055update.html
Apple Mac OS X Server 10.5.5 :
http://www.apple.com/support/downloads/macosxserver1055.html
Apple Mac OS X Server Combo 10.5.5 :
http://www.apple.com/support/downloads/macosxservercombo1055.html
:: Riferimenti
Apple – About Security Update 2008–006
http://support.apple.com/kb/HT3137
Mitre’s CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3215
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3608
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3609
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3614
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3622