Published: 2007-11-17T16:32+00:00
Last Updated: 2007-11-18T05:29+00:00
TRTA07-319A
Apple Updates for Multiple Vulnerabilities
Overview
Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
Event Information
| Date (UTC) | Description |
| 2007-11-16 03:02 |
RISE Security RISE-2007004: Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability i386_set_ldt Integer Overflow Vulnerability (CVE-2007-4684) There exists a vulnerability within an architecture dependent function of the Apple Mac OS X 10.4.x kernel, which when properly exploited can lead to local compromise of the vulnerable system. #Cid: osx-x86-ldt.c |
| 2007-11-15 18:34 |
US-CERT TA07-319A: Apple Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2007-11-15 12:43 |
US-CERT Apple Releases Security Updates to Address Multiple Vulnerabilities US-CERT Current Activity Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or access the system with escalated privileges. |
| 2007-11-13 |
Apple Article ID: 307041: About the security content of Mac OS X 10.4.11 and Security Update 2007-008 |
| 2007-09-07 |
iDefense Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability Mach Port Privilege Escalation Vulnerability (CVE-2007-3749) Vulnerability Reported When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. |
| 2007-08-08 |
iDefense Apple Mac OS X AppleTalk ASP Message Kernel Heap Overflow Vulnerability AppleTalk ASP Message Kernel Heap Overflow Vulnerability (CVE-2007-4269) Vulnerability Reported The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. |
| 2007-08-08 |
iDefense Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability AppleTalk mbuf Kernel Heap Overflow Vulnerability (CVE-2007-4268) Vulnerability Reported The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. |
| 2007-08-08 |
iDefense Apple Mac OS X AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability AppleTalk Socket IOCTL Kernel Stack Buffer Overflow Vulnerability (CVE-2007-4267) Vulnerability Reported The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table. |
Other Information