APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2

• Subject: APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2
• From: Apple Product Security <email@hidden>
• Date: Tue, 16 Sep 2008 13:32:51 -0700
• Delivered-to: email@hidden
• Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2

Apple Remote Desktop 3.2.2 is now available and addresses the
following issue:

Apple Remote Desktop
CVE-ID:  CVE-2008-2830
Available for:  Apple Remote Desktop 3.2.1,
Mac OS X v10.3 through v10.5.5, Mac OS X Server v10.3 through v10.5.5
Impact:  A local user may execute commands with elevated privileges
unless Security Update 2008-005 has been installed
Description:  A design issue exists in the Open Scripting
Architecture libraries when determining whether to load scripting
addition plugins into applications running with elevated privileges.
This update mitigates the issue for Apple Remote Desktop by disabling
scripting of ARDAgent.  This issue does not affect systems that have
installed Security Update 2008-005.  Credit to Charles Srstka for
reporting this issue.

Apple Remote Desktop 3.2.2 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Apple Remote Desktop 3.2.2 Client
The download file is named:  "RemoteDesktopClient.dmg"
Its SHA-1 digest is:  b1a81f17724d9b2f7b6dbffed56bc9a0463d1d7e

For Apple Remote Desktop 3.2.2 Admin
The download file is named:  "RemoteDesktopAdmin322.dmg"
Its SHA-1 digest is:  d9657c10ed4bc29cfe8cc64e0727ffd4ed8a1425

Information will also be posted to the Apple Security Updates
web site:  http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: 9.7.2.1608

wsBVAwUBSNAXqHkodeiKZIkBAQgxtAf+NaV7B6mvvrRz3rzYmsqXeoZ5wGe2kbk5
cQA1n0glYAMF1W7r3x2YOWrRSBsMcbeupjkXJnx4OX9UCnuBIC/+6ZuMUgVSOix8
Z565sy9DESdN2OsnDT12RLjHKoQ/gy5g3tTlSifdT70+e3S7vRBmYWSIQRnZQam1
ri+G67cNds6AZZpi9H8Jkmq4uhQrpJDJoqrm4amI70iTx82ljHCm07l0lS2DF5b+
939E3xeZVWQLHZPCGpuDFBlufefVYeN7pJddwwOJ3pPZLLc1U7nkad0Bt/KB8j0/
GhXwvMeJMbz52EBc9TEEWgCt2A9C9WeDZogZCR0HKSgD9D2Uh+tEIg==
=ykeB
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden



Prev by Date:
APPLE-SA-2008-09-15 Mac OS X v10.5.5 and Security Update 2008-006

Next by Date:
APPLE-SA-2008-09-24 Java for Mac OS X 10.5 Update 2

Previous by thread:
APPLE-SA-2008-09-15 Mac OS X v10.5.5 and Security Update 2008-006

Next by thread:
APPLE-SA-2008-09-24 Java for Mac OS X 10.5 Update 2

Index(es):

Date
Thread













  

   
Home
   
Archives
   
Terms/Conditions
   
Contact
   
RSS
   
Lists
   
About
 






Visit the Apple Store online or at retail locations.

1-800-MY-APPLE
Contact Apple | Terms of Use | Privacy Policy
Copyright © 2011 Apple Inc. All rights reserved.