Alert Number:  111507-01
Alert Date:  11/15/07
Alert Title:  Apple releases Security Updates for OS X and Safari 
Update-to:  None
OS/Platform/Application:
Mac OS X v10.3.9 (including server)
Mac OS X v10.4.n or later (including server)
Apple Safari 3 Beta on Windows XP or Vista
Category:  ALERT
Severity:  HIGH

Attention:  Mac and Windows system Administrators, Desktop Support Personnel, Mac users, Safari 3 Beta (on Windows) users.

Summary:  On November 14 2007 Apple released security updates for two of its popular products.  Security Update 2007-08 addresses 39 vulnerabilities that (if exploited) could result in a variety of outcomes including disclosure of sensitive date and arbitrary code execution. 

Note that OS X 10.4.11 has also been released; This software includes the recent security updates in addition to a number of functional improvements.

Safari 3 Beta update 3.0.4 for Windows users addresses 8 vulnerabilities that could result in arbitrary code execution.  The most common vector of exploit for the majority of these vulnerabilities is the visitation of a specifically-crafted website.

Recommended Actions:   Mac and Windows System Administrators/users are encouraged to read the security updates and (if appropriate) install the necessary patches as soon as possible.

ITS Actions:  N/A

Resources:

Apple Security Update 2007-08 and OS X 10.4.11 info page:
http://docs.info.apple.com/article.html?artnum=307041

Apple Safari Beta 3 Update 3.0.4 info page:
http://docs.info.apple.com/article.html?artnum=307038

Apple downloads page:
http://www.apple.com/support/downloads/