Masaca's Blog 2

Musings, diary, grumbles, nonsense, memos... Call it whatever you like (lol).

Safari 3.2.2 for Windows

2009-02-13 08:46:38 | Apple
Safari 3.2.2 for Windows appears to be out. Below is a quote from the Apple Product Security e-mail.

APPLE-SA-2009-02-12 Safari 3.2.2 for Windows

Safari 3.2.2 for Windows is now available and addresses the following:

Safari
CVE-ID: CVE-2009-0137
Available for: Windows XP or Vista
Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
Description: Multiple input validation issues exist in Safari's handling of feed: URLs. The issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. These issues do not affect Mac OS X systems that have applied Security Update 2009-001. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.


Safari 3.2.2 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
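
A small verifier for the file name / SHA-1 digest pairs in the advisory quoted above, as an added example (not part of the original post or of Apple's mail). The sample advisory text, file names and file contents in it are constructed; only the two-line "named / digest" layout is taken from the mail.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Two-line layout used in the quoted advisories:
#   The download file is named: "SafariSetup.exe"
#   Its SHA-1 digest is: <40 hex characters>
# Some entries say "The file is named:" and some omit the quotes.
ENTRY_RE = re.compile(
    r'The (?:download )?file is named:\s*"?(?P<name>[^"\r\n]+?)"?\s*\r?\n'
    r'\s*Its SHA-1 digest is:\s*(?P<digest>[0-9A-Fa-f]{40})\b'
)

def parse_advisory(text):
    """Return {file name: lowercase SHA-1 hex digest} for every pair found."""
    entries = {}
    for m in ENTRY_RE.finditer(text):
        name = m.group("name").strip()
        digest = m.group("digest").lower()
        # The same file listed twice with different digests is an error.
        if entries.get(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
        entries[name] = digest
    return entries

def sha1_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_downloads(advisory_text, download_dir):
    """Map each advisory file name to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for name, expected in parse_advisory(advisory_text).items():
        # Use only the base name so text in the mail cannot point outside
        # the download directory.
        path = Path(download_dir) / Path(name).name
        if not path.is_file():
            results[name] = "missing"
        elif sha1_of(path) == expected:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results

# Constructed sample in the advisory layout (not real Apple files or digests;
# the digests are the well-known SHA-1 values of b"abc" and of empty input).
SAMPLE_ADVISORY = '''\
For Example OS (constructed sample)
The download file is named: "ExampleUpdate.dmg"
Its SHA-1 digest is: a9993e364706816aba3e25717850c26c9cd0d89d

The file is named: ExampleTampered.exe
Its SHA-1 digest is: A9993E364706816ABA3E25717850C26C9CD0D89D

The download file is named: "ExampleNotDownloaded.dmg"
Its SHA-1 digest is: da39a3ee5e6b4b0d3255bfef95601890afd80709
'''

def demo():
    """Create constructed downloads in a temp directory and verify them."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "ExampleUpdate.dmg").write_bytes(b"abc")    # matches
        (Path(d) / "ExampleTampered.exe").write_bytes(b"abd")  # one byte off
        return verify_downloads(SAMPLE_ADVISORY, d)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

To check real downloads, pass the saved advisory text and the download folder to `verify_downloads`.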


Java for Mac OS X 10.4 Update, Release 8

2009-02-13 08:45:51 | Apple
Java for Mac OS X 10.4 Update, Release 8 is out via Software Update. Below is a quote from the Apple Product Security e-mail.

APPLE-SA-2009-02-12 Java for Mac OS X 10.4, Release 8

Java for Mac OS X 10.4, Release 8 is now available and addresses the following:

Java
CVE-ID: CVE-2008-2086, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343
Available for: Mac OS X v10.4.11 with Java for Mac OS X 10.4, Release 7, Mac OS X Server v.10.4.11 with Java for Mac OS X 10.4, Release 7
Impact: Multiple vulnerabilities in Java Web Start and Java Plug-in
Description: Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user. This update provides patches for the Java Bug IDs 6694892, 6707535, 6727081 and 6767668 from Sun Microsystems.

Java for Mac OS X 10.4, Release 8 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.4Release8.dmg
Its SHA-1 digest is: 32a5be5e8bdfd9d6ba95d08eb45f9ef4edfd877e

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222


Java for Mac OS X 10.5 Update 3 1.0

2009-02-13 08:44:03 | Apple
Java for Mac OS X 10.5 Update 3 1.0 is out via Software Update.

Java for Mac OS X 10.5 Update 3 1.0 2.9 MB
Java for Mac OS X 10.5 Update 3 improves the security and compatibility of Java running on Mac OS X 10.5.6 and later.

For details about this update, see this website: http://support.apple.com/kb/HT3374?viewlocale=ja_JP

For the security content of this update, see this website: http://support.apple.com/kb/HT1222?viewlocale
Below is a quote from the Apple Product Security e-mail.
APPLE-SA-2009-02-12 Java for Mac OS X 10.5 Update 3

Java for Mac OS X 10.5 Update 3 is now available and addresses the following:

Java
CVE-ID: CVE-2008-2086, CVE-2008-5340, CVE-2008-5342, CVE-2008-5343
Available for: Mac OS X v10.5.6 and later with Java for Mac OS X 10.5 Update 2, Mac OS X Server v10.5.6 and later with Java for Mac OS X 10.5 Update 2
Impact: Multiple vulnerabilities in Java Web Start and Java Plug-in
Description: Multiple vulnerabilities exist in Java Web Start and the Java Plug-in, the most serious of which may allow untrusted Java Web Start applications and untrusted Java applets to obtain elevated privileges. Visiting a web page containing a maliciously crafted Java applet may lead to arbitrary code execution with the privileges of the current user. This update provides patches for the Java Bug IDs 6694892, 6707535, 6727081 and 6767668 from Sun Microsystems.

Java for Mac OS X 10.5 Update 3 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.5Update3.dmg
Its SHA-1 digest is: c4b2a1ed7a6629a0dee6498758c69d5b473ed6dc

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222


Security Update 2009-001 1.0

2009-02-13 08:43:41 | Apple
Security Update 2009-001 1.0 is out via Software Update.

Security Update 2009-001 1.0 44.1 MB
Applying Security Update 2009-001 is recommended for all users to strengthen the security of Mac OS X. Previous improvements are also included in this security update.

For details about the security content of this update, see the following website: http://support.apple.com/kb/HT1222?viewlocale=ja_JP
Below, only the item names and Impact lines are quoted from the Apple Product Security e-mail.
APPLE-SA-2009-02-12 Security Update 2009-001

Security Update 2009-001 is now available and addresses the following:

AFP Server
CVE-ID: CVE-2009-0142
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A user with the ability to connect to AFP Server may be able to trigger a denial of service

Apple Pixlet Video
CVE-ID: CVE-2009-0009
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

CarbonCore
CVE-ID: CVE-2009-0020
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution

CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of cookies with null expiration times

CFNetwork
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Restores proper operation of session cookies across applications

Certificate Assistant
CVE-ID: CVE-2009-0011
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant

ClamAV
CVE-ID: CVE-2008-5050, CVE-2008-5314
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in ClamAV 0.94

CoreText
CVE-ID: CVE-2009-0012
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution

CUPS
CVE-ID: CVE-2008-5183
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination

DS Tools
CVE-ID: CVE-2009-0013
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Passwords supplied to dscl are exposed to other local users

fetchmail
CVE-ID: CVE-2007-4565, CVE-2008-2711
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in fetchmail 6.3.8

Folder Manager
CVE-ID: CVE-2009-0014
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Other local users may access the Downloads folder

FSEvents
CVE-ID: CVE-2009-0015
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available

Network Time
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: The Network Time service configuration has been updated

perl
CVE-ID: CVE-2008-1927
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution

Printing
CVE-ID: CVE-2009-0017
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may obtain system privileges

python
CVE-ID: CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3144, CVE-2008-4864, CVE-2007-4965, CVE-2008-5031
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in python

Remote Apple Events
CVE-ID: CVE-2009-0018
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Sending Remote Apple events may lead to the disclosure of sensitive information

Remote Apple Events
CVE-ID: CVE-2009-0019
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information

Safari RSS
CVE-ID: CVE-2009-0137
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution

servermgrd
CVE-ID: CVE-2009-0138
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Remote attackers may be able to access Server Manager without valid credentials

SMB
CVE-ID: CVE-2009-0139
Available for: Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges

SMB
CVE-ID: CVE-2009-0140
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown

SquirrelMail
CVE-ID: CVE-2008-2379, CVE-2008-3663
Available for: Mac OS X Server v10.4.11, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in SquirrelMail

X11
CVE-ID: CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: Multiple vulnerabilities in X11 server

X11
CVE-ID: CVE-2006-1861, CVE-2006-3467, CVE-2007-1351, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in FreeType v2.1.4

X11
CVE-ID: CVE-2007-1351, CVE-2007-1352, CVE-2007-1667
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in LibX11

XTerm
CVE-ID: CVE-2009-0141
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6, Mac OS X Server v10.5.6
Impact: A local user may send information directly to another user's Xterm

Security Update 2009-001 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

For Mac OS X v10.5.6
The download file is named: "SecUpd2009-001.dmg"
Its SHA-1 digest is: 08d8e962e2687f01b3cdc4cb386ef4e44992a1e0

For Mac OS X Server 10.5.6
The download file is named: "SecUpdSrvr2009-001.dmg"
Its SHA-1 digest is: b44344f918cbf15266cde2c989c443e455ccd88f

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2009-001Intel.dmg"
Its SHA-1 digest is: e1e1a09d9543fe1a1acc759c5ed11dde58f84e0e

For Mac OS X v10.4.11 (PPC)
The download file is named: "SecUpd2009-001PPC.dmg"
Its SHA-1 digest is: a9158bed12fa6650634bc8f972a7990cddb765d9

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2009-001Univ.dmg"
Its SHA-1 digest is: 6b056d47bbf2566cda7908590fc2ccd0ab4b889f

For Mac OS X Server v10.4.11 (PPC)
The download file is named: "SecUpdSrvr2009-001PPC.dmg"
Its SHA-1 digest is: a9f97ba89b8acc6927779859bbec3787d1fb3b2a

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222


GarageBand Update 5.0.1

2009-02-11 10:31:30 | Apple
GarageBand Update 5.0.1 is out via Software Update.

GarageBand Update 5.0.1 26.7 MB
This update improves overall stability and addresses issues with downloading lessons from the "Learn to Play" Lesson Store. It is recommended for all GarageBand '09 users.


Keynote Update 4.0.4

2009-02-03 08:38:12 | Apple
Keynote Update 4.0.4 is out via Software Update.

Keynote Update 4.0.4 32.5 MB
This update addresses compatibility issues with Microsoft Office PowerPoint 2007 and Microsoft Office PowerPoint 2008. It also addresses general compatibility issues.


iLife Media Browser Update 2.0

2009-01-28 22:37:55 | Apple
iLife Media Browser Update 2.0 is out via Software Update.

iLife Media Browser Update 2.0 3.8 MB
This update improves overall stability and addresses other minor issues. It is recommended for all users of Aperture, iLife '08, iWork '08, and Mac OS X 10.5.6 Leopard or later.


QuickTime 7.6

2009-01-22 11:48:04 | Apple
QuickTime 7.6 is out via Software Update.

QuickTime 7.6 75.1 MB
QuickTime 7.6 includes changes that improve reliability, compatibility, and security. This release is recommended for all QuickTime 7 users.

For details about this update, see the following website: http://support.apple.com/kb/HT3292?viewlocale=ja_JP

For the security-related content of this update, see the following website: http://support.apple.com/kb/HT1222?viewlocale=ja_JP
Below is a quote from the Apple Product Security e-mail.
APPLE-SA-2009-01-21 QuickTime 7.6
QuickTime 7.6 is now available and addresses the following issues:

QuickTime
CVE-ID: CVE-2009-0001
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of RTSP URLs. Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of RTSP URLs. Credit to Attila Suszter for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0002
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0003
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Viewing a maliciously crafted AVI movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow may occur while processing an AVI movie file. Opening a maliciously crafted AVI movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0004
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in the handling of MPEG-2 video files with MP3 audio content. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Chad Dougherty of the CERT Coordination Center for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0005
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption exists in QuickTime's handling of H.263 encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of H.263 encoded movie files. Credit to Dave Soldera of NGS Software for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0006
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A signedness issue exists in QuickTime's handling of Cinepak encoded movie files, which may result in a heap buffer overflow. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2009-0007
Available for: Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's handling of jpeg atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with the TippingPoint Zero Day Initiative for reporting this issue.

QuickTime 7.6 may be obtained from the Software Update application, or from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

For Mac OS X v10.5 or later
The download file is named: "QuickTime76_Leopard.dmg"
Its SHA-1 digest is: 2b09c606ad381642d3ba34a32aaa6b50c7fc7ce7

For Mac OS X v10.4.9 through Mac OS X v10.4.11
The download file is named: "QuickTime76_Tiger.dmg"
Its SHA-1 digest is: a015254c7277d70f73d2e10d519dff38502db271

For Windows Vista / XP SP2 and SP3
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 5de952ab8a9b7c6b19854592be48942999acf00b

QuickTime with iTunes for Windows 32-bit XP or Vista
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 50c0e31eda9ab0a5902d2242ba2fd74ef5be7c99

QuickTime with iTunes for Windows 64-bit Vista
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: b7a5b654877ddd2d2db8c6fa201000221398bdd9

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

APPLE-SA-2009-01-21 QuickTime MPEG-2 Playback Component

The QuickTime MPEG-2 Playback Component for Windows is now available and addresses the following issue:

CVE-ID: CVE-2009-0008

Available for: Windows Vista, XP SP2 and SP3

Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description: An input validation issue exists in the QuickTime MPEG-2 Playback Component for Windows. Accessing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of MPEG-2 files. This issue does not affect systems running Mac OS X. Credit to Richard Lemon of Code Lemon for reporting this issue.

The QuickTime MPEG-2 Playback Component is not installed by default, and is provided separately from QuickTime. Details are available via http://www.apple.com/quicktime/mpeg2/ Users who have paid for and downloaded an earlier version of the QuickTime MPEG-2 Playback Component from the Apple Store may download the updated version for free.

The steps to determine that a system has the updated version are listed at http://support.apple.com/kb/HT3381.
The version number of the updated QuickTime MPEG-2 Playback Component for Windows is 7.60.92.0.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222


Digital Camera RAW Compatibility Update 2.4

2008-12-25 01:12:09 | Apple
Digital Camera RAW Compatibility Update 2.4 is out via Software Update.

Digital Camera RAW Compatibility Update 2.4 4.4 MB
This update extends RAW file compatibility for Aperture 2 and iPhoto '08 to support the following cameras:

Canon EOS 5D Mark II
Canon PowerShot G10
Pentax K2000/K-m
Leaf AFi-II 6
Leaf AFi-II 7
Leaf Aptus-II 6
Leaf Aptus-II 7
Leica M8.2
This update also resolves issues related to specific cameras and to overall stability.


Mac OS X Update 10.5.6

2008-12-16 03:34:43 | Apple
Mac OS X Update 10.5.6 is out via Software Update.

Mac OS X Update 10.5.6 190 MB
The 10.5.6 Update is recommended for all users running Mac OS X Leopard. It includes general operating system fixes that improve the stability, compatibility, and security of your Mac.

For details about this update, see the following website: http://support.apple.com/kb/HT3194?viewlocale=ja_JP
For details about the security update, see the following website: http://support.apple.com/kb/HT1222?viewlocale=ja_JP
Below, because the Apple Product Security e-mail is long, only the item names are quoted.
APPLE-SA-2008-12-15 Security Update 2008-008 / Mac OS X v10.5.6

Security Update 2008-008 / Mac OS X v10.5.6 is now available and addresses the following issues:

ATS
CVE-ID: CVE-2008-4236
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Viewing or downloading a PDF file containing a maliciously crafted embedded font may lead to a denial of service

BOM
CVE-ID: CVE-2008-4217
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Downloading or viewing a maliciously crafted CPIO archive may lead to arbitrary code execution or unexpected application termination

CoreGraphics
CVE-ID: CVE-2008-3623
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Viewing a maliciously crafted image may lead to an unexpected application termination or arbitrary code execution

CoreServices
CVE-ID: CVE-2008-3170
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Visiting a maliciously crafted website may lead to the disclosure of user credentials

CoreTypes
CVE-ID: CVE-2008-4234
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Attempting to launch unsafe downloaded content may not lead to a warning

Flash Player Plug-in
CVE-ID: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823, CVE-2008-4824
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

Kernel
CVE-ID: CVE-2008-4218
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A local user may obtain system privileges

Kernel
CVE-ID: CVE-2008-4219
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Running an executable that links dynamic libraries on an NFS share may lead to an unexpected system shutdown

Libsystem
CVE-ID: CVE-2008-4220
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the inet_net_pton API may be vulnerable to arbitrary code execution or an unexpected application termination

Libsystem
CVE-ID: CVE-2008-4221
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strptime API may be vulnerable to arbitrary code execution or unexpected application termination

Libsystem
CVE-ID: CVE-2008-1391
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Applications that use the strfmon API may be exposed to an unexpected application termination or arbitrary code execution

Managed Client
CVE-ID: CVE-2008-4237
Available for: Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: The managed screen saver settings are not applied

network_cmds
CVE-ID: CVE-2008-4222
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to cause a denial of service if Internet Sharing is enabled

Podcast Producer
CVE-ID: CVE-2008-4223
Available for: Mac OS X Server v10.5 through v10.5.5
Impact: A remote attacker may be able to access the administrative functions of Podcast Producer

UDF
CVE-ID: CVE-2008-4224
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.5, Mac OS X Server v10.5 through v10.5.5
Impact: Opening an ISO file may lead to an unexpected system shutdown

Security Update 2008-008 and Mac OS X v10.5.6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2008-008 or Mac OS X v10.5.6.

For Mac OS X v10.5.5
The download file is named: "MacOSXUpd10.5.6.dmg"
Its SHA-1 digest is: 684f67524a92b4314a4bdd52498fb3b6af8f9ded

For Mac OS X v10.5 - v10.5.4
The download file is named: "MacOSXUpdCombo10.5.6.dmg"
Its SHA-1 digest is: 09de4ac2c5591ab75d51ef37dc70f9e5630150d4

For Mac OS X Server v10.5.5
The download file is named: "MacOSXServerUpd10.5.6.dmg"
Its SHA-1 digest is: bd14ab94b9bcc896da1613ac761171b54286bcac

For Mac OS X Server v10.5 - v10.5.4
The download file is named: "MacOSXServerUpdCombo10.5.6.dmg"
Its SHA-1 digest is: e20d8d458be3ec51b0083ff823ce27def00dbca7

For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-008Intel.dmg"
Its SHA-1 digest is: 651e592fad1bd158a76459a81d2ebede1f3bedea

For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-008PPC.dmg"
Its SHA-1 digest is: 9bb2aa7fcc924715b6442e808fc778789f359906

For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-008Univ.dmg"
Its SHA-1 digest is: 21702064037150cdeb9d708304ee91eb254c7371

For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-008PPC.dmg"
Its SHA-1 digest is: d0e4720051ea27b8edf0ab2a124d6e9f0e16534c

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222


iTunes 8.0.2 Update

2008-11-22 09:07:21 | Apple
The iTunes 8.0.2 update is out via Software Update.

iTunes 8.0.2 60.3 MB
iTunes 8 includes the Genius feature, which automatically selects songs of a similar taste from your library and creates a playlist. The Genius sidebar, part of the Genius feature, also recommends songs from the iTunes Store that you do not already have.

Use iTunes 8 to browse artists and albums in the new Grid view. Download your favorite TV shows in HD quality from the iTunes Store. Sync media with iPod nano (4th generation), iPod classic (120 GB), and iPod touch (2nd generation). And enjoy the captivating new music visualizer.

iTunes 8 and iTunes U are now accessible using VoiceOver on your Mac.

iTunes 8.0.2 improves stability and performance and provides a number of important bug fixes, including the following.

  • Resolves a quality issue when creating MP3s on some computers.
  • Resolves an iTunes Store connection issue when using some Internet proxies on Mac OS X.
  • Improves accessibility with VoiceOver.