Apple OS X
Apple Safari (Tiger)

Category: ALERT
Severity: HIGH
Attention: OS X and Safari users, System Administrators, Desktop Support Personnel.

Summary: On June 30 2008 Apple released updates for a variety of its most popular products.  Security Update 2008-04 and Mac OS X 10.5.4 address 13 vulnerabilities in numerous services including VPN, Tomcat, and launch Services.  Several of these vulnerabilities could be exploited by a remote attacker and/or by visiting maliciously-crafted websites* and could result in application crash or takeover of a vulnerable computer.  Safari 3.1.2 for Tiger was released as well; according to the vendor this update includes "stability improvements and the latest security updates."

*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.

Recommended Actions:  OS X and Safari (Tiger) users, system administrators, and support personnel are encouraged to read the security advisory and apply the necessary update(s) as soon as possible.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Security Update 2008-04/ OS X 10.5.4 security content page:
http://support.apple.com/kb/HT2163

Safari for Tiger security content page:
http://www.apple.com/support/downloads/safari312fortiger.html

Apple Downloads Page:
http://www.apple.com/support/downloads/