Bardissi Enterprises Blog

Severity: High

1 July, 2008

Summary:

§ These vulnerabilities affect: OS X 10.4.x (Tiger) and OS X 10.5.x (Leopard), both client and server versions; as well as Safari 3.x for OS X 10.4.x

§ How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site

§ Impact: Various results; in the worst case, attacker executes code on your user’s computer, potentially gaining control of your user’s computer

§ What to do: OS X administrators should download, test and install Security Update 2008-004, Mac OS X 10.5.4, and Safari 3.1.2

Severity: High

13 May, 2008

Summary:

• These vulnerabilities affect: Many current versions of Microsoft Office for Windows and Mac (also affects Word Viewer and Office Compatibility Pack)
• How an attacker exploits them: By enticing you to open maliciously crafted Office documents
• Impact: An attacker can execute code, potentially gaining complete control of your computer
• What to do: Install the appropriate Office patches immediately

Exposure:

Today, Microsoft released two security bulletins describing three vulnerabilities found in components or programs that ship with Microsoft Office for Windows (and in one case, Office for Mac). Some of the vulnerabilities also affect Microsoft Word Viewer and the Office Compatibility Pack. Each vulnerability affects different versions of Office to a different extent. The three flaws affect different components and applications within Office, but the end result is always the same: By enticing one of your users into downloading and opening a maliciously crafted Office document, an attacker can exploit any of these vulnerabilities to execute code on a victim’s computer, usually inheriting that user’s level of privileges and permissions. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

Severity: High

11 February, 2008

Summary:

• These vulnerabilities affect: OS X 10.4.11(Tiger) and OS X 10.5.x (Leopard), both client and server versions
• How an attacker exploits them: Multiple vectors of attack, including enticing one of your users into visiting a malicious web site
• Impact: Various results. In the worst case, attacker executes code on your user’s computer, with your users privileges
• What to do: OS X 10.4.11 users should install Security Update 2008-001. OS X 10.5.x users should install version 10.5.2

Exposure:

Today, Apple released a security update fixing over 11 security issues in software packages that ship as part of OS X, including Mail, Launch Services, and Samba. Many of these vulnerabilities allow attackers to execute any code they choose on your OS X machines, so we rate this update Critical. Apply it as soon as you can. Some of the fixed vulnerabilities include: