Apple updates to 10.4.8 and Security Update 2006-006

Apple updates to 10.4.8 and Security Update 2006-006
Looks like it's time to click on the Apple in the top left of your screen, then followed by "Software Update..." (or however you choose to update) Lots of Updates today for Apple: The entire iLife Suite gets an update. Plus OSX goes from 10.4.7 to 10.4.8 and Security Update 2006-006 is bundled in too. Lets take a look at whats in the update: The 10.4.8 Update is recommended for all users and includes general operating system fixes, as well as specific fixes for the following applications and technologies: - connecting to wireless networks using the EAP-FAST protocol - Apple USB modem reliability - using OpenType fonts in Microsoft Word - compatibility with 3rd party USB hubs - scanner performance - RAW camera support - printing documents with Asian language names - performance of the Translation widget - broadband network performance Security Update 2006-006 says: CFNetwork CVE-ID: CVE-2006-4390 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: CFNetwork clients such as Safari may allow unauthenticated SSL sites to appear as authenticated Flash Player CVE-ID: CVE-2006-3311, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Playing Flash content may lead to arbitrary code execution ImageIO CVE-ID: CVE-2006-4391 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted JPEG2000 image may lead to an application crash or arbitrary code execution Kernel CVE-ID: CVE-2006-4392 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Local users may be able to run arbitrary code with raised privileges LoginWindow CVE-ID: CVE-2006-4397 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: After an unsuccessful attempt to log in to a network account, Kerberos tickets may be accessible to other local users CVE-ID: CVE-2006-4393 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Kerberos tickets may be accessible to other local users if Fast User Switching is enabled CVE-ID: CVE-2006-4394 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Network accounts may be able to bypass loginwindow service access controls Preferences CVE-ID: CVE-2006-4387 Available for: Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: After removing an account's Admin privileges, the account may still manage WebObjects applications QuickDraw Manager CVE-ID: CVE-2006-4395 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Opening a malicious PICT image with certain applications may lead to an application crash or arbitrary code execution SASL CVE-ID: CVE-2006-1721 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Remote attackers may be able to cause an IMAP server denial of service WebCore CVE-ID: CVE-2006-3946 Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4 through Mac OS X v10.4.7, Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Viewing a maliciously-crafted web page may lead to arbitrary code execution Workgroup Manager CVE-ID: CVE-2006-4399 Available for: Mac OS X Server v10.4 through Mac OS X Server v10.4.7 Impact: Accounts in a NetInfo parent that appear to use ShadowHash passwords may still use crypt Updates we are still waiting on from Apple: php SSL/SSH (those just came out, but still) Read all about the update here.	Joel 454 Posts Sep 29th 2006
Thread locked Subscribe	Sep 29th 2006 1 decade ago