Security-announce
Threads by month
- ----- 2025 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
May 2008
- 1 participants
- 2 discussions
APPLE-SA-2008-05-28 Security Update 2008-003 and Mac OS X v10.5.3
by Apple Product Security 28 May '08
by Apple Product Security 28 May '08
28 May '08
site_archiver(a)lists.apple.com
Delivered-To: security-announce(a)lists.apple.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2008-05-28 Security Update 2008-003 and Mac OS X v10.5.3
Security Update 2008-003 and Mac OS X v10.5.3 are now available and
address the following issues:
AFP Server
CVE-ID: CVE-2008-1027
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Files that are not designated for sharing may be accessed
remotely
Description: AFP Server did not check that a file or directory to be
served was inside a folder designated for sharing. A connected user
or guest may access any files or folders for which they have
permission, even if not contained in folders designated for sharing.
This update addresses the issue by denying access to files and
folders that are not inside a folder designated for sharing. Credit
to Alex deVries and Robert Rich for reporting this issue.
Apache
CVE-ID: CVE-2005-3352, CVE-2005-3357, CVE-2006-3747, CVE-2007-1863,
CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388
Available for: Mac OS X Server v10.4.11
Impact: Multiple vulnerabilities in Apache 2.0.55
Description: Apache is updated to version 2.0.63 to address several
vulnerabilities, the most serious of which may lead to cross-site
scripting. Further information is available via the Apache web site
at http://httpd.apache.org. Apache 2.0.x is only shipped with Mac OS
X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server
v10.5.x ship with Apache 2.2.x. The issues that affected Apache 2.2.x
were addressed in Security Update 2008-002 for Mac OS X v10.5.2 and
Mac OS X Server v10.5.2.
AppKit
CVE-ID: CVE-2008-1028
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Opening a maliciously crafted file may lead to an unexpected
application termination or arbitrary code execution
Description: An implementation issue exists in AppKit's processing
of document files. Opening a maliciously crafted file in an editor
that uses AppKit, such as TextEdit, may cause an unexpected
application termination or arbitrary code execution. This update
addresses the issue through improved validation of document files.
This issue does not affect systems running Mac OS X 10.5 or later.
Credit to Rosyna of Unsanity for reporting this issue.
Apple Pixlet Video
CVE-ID: CVE-2008-1577
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Opening a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues exist in the handling
of files using the Pixlet codec. Opening a maliciously crafted movie
file may cause an unexpected application termination or arbitrary
code execution. This update addresses the issue through improved
bounds checking.
ATS
CVE-ID: CVE-2008-1575
Available for: Mac OS X v10.5 through v10.5.2,
Mac OS X Server v10.5 through v10.5.2
Impact: Printing a PDF document containing a maliciously crafted
embedded font may lead to arbitrary code execution
Description: A memory corruption issue exists in the Apple Type
Services server's handling of embedded fonts in PDF files. Printing a
PDF document containing a maliciously crafted font may lead to
arbitrary code execution. This update addresses the issue by
performing additional validation of embedded fonts. This issue does
not affect systems prior to Mac OS X v10.5. Credit to Melissa O'Neill
of Harvey Mudd College for reporting this issue.
CFNetwork
CVE-ID: CVE-2008-1580
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An information disclosure issue exists in Safari's SSL
client certificate handling. When a web server issues a client
certificate request, the first client certificate found in the
keychain is automatically sent, which may lead to the disclosure of
the information contained in the certificate. This update addresses
the issue by prompting the user before sending the certificate.
CoreFoundation
CVE-ID: CVE-2008-1030
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Applications' use of the CFData API in certain ways may lead
to an unexpected application termination or arbitrary code execution
Description: An integer overflow in CoreFoundation's handling of
CFData objects may result in a heap buffer overflow. An application
calling CFDataReplaceBytes with an with invalid length argument may
unexpectedly terminate or lead to arbitrary code execution. This
update addresses the issue by performing additional validation of
length parameters.
CoreGraphics
CVE-ID: CVE-2008-1031
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized variable issue exists in CoreGraphics'
handling of PDF files. Opening a maliciously crafted PDF file may
cause an unexpected application termination or arbitrary code
execution. This update addresses the issue through proper
initialization of pointers.
CoreTypes
CVE-ID: CVE-2008-1032
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Users are not warned before opening certain potentially
unsafe content types
Description: This update extends the system's list of content types
that will be flagged as potentially unsafe under certain
circumstances, such as when they are downloaded from a web page.
While these content types are not automatically launched, if manually
opened they could lead to the execution of a malicious payload. This
update improves the system's ability to notify users before handling
content types used by Automator, Help, Safari, and Terminal. On Mac
OS X v10.4 this functionality is provided by the Download Validation
feature. On Mac OS X v10.5 this functionality is provided by the
Quarantine feature. Credit to Brian Mastenbrook for reporting this
issue.
CUPS
CVE-ID: CVE-2008-1033
Available for: Mac OS X v10.5 through v10.5.2,
Mac OS X Server v10.5 through v10.5.2
Impact: Printing to password-protected printers with debug logging
enabled may lead to the disclosure of sensitive information
Description: An issue exists in the CUPS scheduler's check of the
authentication environment variables when debug logging is enabled.
This may lead to the disclosure of the username, domain, and password
when printing to a password-protected printer. This update addresses
the issue by properly validating environment variables. This issue
does not affect systems prior to Mac OS X v10.5 with Security Update
2008-002 installed.
Flash Player Plug-in
CVE-ID: CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6637,
CVE-2007-6019, CVE-2007-0071, CVE-2008-1655, CVE-2008-1654
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Opening maliciously crafted Flash content may lead to
arbitrary code execution
Description: Multiple issues exist in Adobe Flash Player Plug-in,
the most serious of which may lead to arbitrary code execution. This
update addresses the issue by updating to version 9.0.124.0. Further
information is available via the Adobe web site at
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Help Viewer
CVE-ID: CVE-2008-1034
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A malicious help:topic URL may cause an unexpected
application termination or arbitrary code execution
Description: An integer underflow in Help Viewer's handling of
help:topic URLs may result in a buffer overflow. Accessing a
malicious help:topic URL may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through improved bounds checking. This issue does not affect
systems running Mac OS X 10.5 or later. Credit to Paul Haddad of PTH
Consulting for reporting this issue.
iCal
CVE-ID: CVE-2008-1035
Available for: Mac OS X v10.5 through v10.5.2,
Mac OS X Server v10.5 through v10.5.2
Impact: Opening a maliciously crafted iCalendar file in iCal may
lead to an unexpected application termination or arbitrary code
execution
Description: A use-after-free issue exists in the iCal application's
handling of iCalendar (usually ".ics") files. Opening a maliciously
crafted iCalendar file in iCal may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue by improving reference counting in the affected code. This
issue does not affect systems prior to Mac OS X v10.5. Credit to
Rodrigo Carvalho of Core Security Technologies for reporting this
issue.
International Components for Unicode
CVE-ID: CVE-2008-1036
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Visiting certain web sites may result in the disclosure of
sensitive information
Description: A conversion issue exists in ICU's handling of certain
character encodings. Particular invalid character sequences may not
appear in the converted output, and this can affect content filters.
Visiting a maliciously crafted web site may lead to cross site
scripting and the disclosure of sensitive information. This update
addresses the issue by replacing invalid character sequences with a
fallback character.
Image Capture
CVE-ID: CVE-2008-1571
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Accessing a maliciously crafted URL may lead to information
disclosure
Description: A path traversal issue exists in Image Capture's
embedded web server. This may lead to the disclosure of local files
on the server system. This update addresses the issue through
improved URL handling. This issue does not affect systems running Mac
OS X v10.5 or later.
Image Capture
CVE-ID: CVE-2008-1572
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: A local user may manipulate files with the privileges of
another user running Image Capture
Description: An insecure file operation exists in Image Capture's
handling of temporary files. This could allow a local user to
overwrite files with the privileges of another user running Image
Capture, or to access the contents of images being resized. This
update addresses the issue through improved handling of temporary
files. This issue does not affect systems running Mac OS X v10.5 or
later.
ImageIO
CVE-ID: CVE-2008-1573
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Viewing a maliciously crafted BMP or GIF image may lead to
information disclosure
Description: An out-of-bounds memory read may occur in the BMP and
GIF image decoding engine, which may lead to the disclosure of
content in memory. This update addresses the issue by performing
additional validation of BMP and GIF images. Credit to Gynvael
Coldwind of Hispasec for reporting this issue.
ImageIO
CVE-ID: CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Multiple vulnerabilities in libpng version 1.2.18
Description: Multiple vulnerabilities exist in libpng version
1.2.18, the most serious of which may lead to a remote denial of
service. This update addresses the issue by updating to version
1.2.24. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html
ImageIO
CVE-ID: CVE-2008-1574
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Viewing a maliciously crafted JPEG2000 image file may lead
to an unexpected application termination or arbitrary code execution
Description: An integer overflow in the handling of JPEG2000 image
files may result in a heap buffer overflow. Viewing a maliciously
crafted JPEG2000 image file may lead to an unexpected application
termination or arbitrary code execution. This update addresses the
issue through additional validation of JPEG2000 images.
Kernel
CVE-ID: CVE-2008-0177
Available for: Mac OS X v10.5 through v10.5.2,
Mac OS X Server v10.5 through v10.5.2
Impact: A remote attacker may be able to cause to an unexpected
system shutdown
Description: An undetected failure condition exists in the handling
of packets with an IPComp header. By sending a maliciously crafted
packet to a system configured to use IPSec or IPv6, an attacker may
cause an unexpected system shutdown. This update addresses the issue
by properly detecting the failure condition.
Kernel
CVE-ID: CVE-2007-6359
Available for: Mac OS X v10.5 through v10.5.2,
Mac OS X Server v10.5 through v10.5.2
Impact: A local user may be able to cause an unexpected system
shutdown
Description: A null pointer dereference exists in the kernel's
handling of code signatures in the cs_validate_page function. This
may allow a local user to cause an unexpected system shutdown. This
update addresses the issue by performing additional validation of
code signatures. This issue does not affect systems prior to Mac OS X
v10.5.
LoginWindow
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Managed Client preferences may not be applied
Description: This update addresses a non-security issue introduced
in Security Update 2007-004. Due to a race condition, LoginWindow may
fail to apply certain preferences to fail on systems managed by
Managed Client for Mac OS X (MCX). This update addresses the issue by
eliminating the race condition in the handling of managed
preferences. This issue does not affect systems running Mac OS X
v10.5.
Mail
CVE-ID: CVE-2008-1576
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Impact: Sending mail through an SMTP server over IPv6 may lead to an
unexpected application termination, information disclosure, or
arbitrary code execution
Description: An uninitialized buffer issue exists in Mail. When
sending mail through an SMTP server over IPv6, Mail may use a buffer
containing partially uninitialized memory, which could result in the
disclosure of sensitive information to message recipients and mail
server administrators. This could also potentially lead to an
unexpected application termination or arbitrary code execution. This
update addresses the issue by properly initializing the variable.
This issue does not affect systems running Mac OS X v10.5 or later.
Credit to Derek Morr of The Pennsylvania State University for
reporting this issue.
ruby
CVE-ID: CVE-2007-6612
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: A remote attacker may be able to read arbitrary files
Description: Mongrel is updated to version 1.1.4 to address a
directory traversal issue in DirHandler which may lead to the
disclosure of sensitive information. Further information is available
via the Mongrel web site at http://mongrel.rubyforge.org
Single Sign-On
CVE-ID: CVE-2008-1578
Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,
Mac OS X v10.5 through v10.5.2, Mac OS X Server v10.5 through v10.5.2
Impact: Passwords supplied to sso_util are exposed to other local
users
Description: The sso_util command-line tool required that passwords
be passed to it in its arguments, potentially exposing the passwords
to other local users. Passwords exposed include those for users,
administrators, and the KDC administration password. This update
makes the password parameter optional, and sso_util will prompt for
the password if needed. Credit to Geoff Franks of Hauptman Woodward
Institute for reporting this issue.
Wiki Server
CVE-ID: CVE-2008-1579
Available for: Mac OS X Server v10.5 through v10.5.2
Impact: A remote attacker may determine valid user names on servers
with the Wiki Server enabled
Description: An information disclosure issue exists in Wiki Server
when a nonexistent blog is accessed. Using the information in the
error message, an attacker may deduce the existence of local user
names. This update addresses the issue through improved handling of
error messages. This issue does not affect systems prior to Mac OS X
v10.5. Credit to Don Rainwater of the University of Cincinnati for
reporting this issue.
Security Update 2008-003 and Mac OS X v10.5.3 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2008-003 or Mac OS X v10.5.3.
For Mac OS X v10.5.2
The download file is named: "MacOSXUpd10.5.3.dmg"
Its SHA-1 digest is: 017ef905e5653b04e2455da261e804a72bf40139
For Mac OS X v10.5 - v10.5.1
The download file is named: "MacOSXUpdCombo10.5.3.dmg"
Its SHA-1 digest is: 69acd7399de25f1548675d660fdf24eb401e3de3
For Mac OS X Server v10.5.2
The download file is named: "MacOSXServerUpd10.5.3.dmg"
Its SHA-1 digest is: 336c9dceca724eab0b8c9db3943be3f9ecf244a4
For Mac OS X Server v10.5 - v10.5.1
The download file is named: "MacOSXServerUpdCombo10.5.3.dmg"
Its SHA-1 digest is: fdb2187d19ce21caecd3c3ba6b6fa6f65c9c3a4f
For Mac OS X v10.4.11 (Intel)
The download file is named: "SecUpd2008-003Intel.dmg"
Its SHA-1 digest is: 8f84d2f757c2fb277b139f72ef501dc894620e97
For Mac OS X v10.4.11 (PowerPC)
The download file is named: "SecUpd2008-003PPC.dmg"
Its SHA-1 digest is: 51e98d988c5bb09d4b1052199d90a9d65af7c8e7
For Mac OS X Server v10.4.11 (Universal)
The download file is named: "SecUpdSrvr2008-003Univ.dmg"
Its SHA-1 digest is: 337a05956b5a6e962b286a91beee9eb217a0175c
For Mac OS X Server v10.4.11 (PowerPC)
The download file is named: "SecUpdSrvr2008-003PPC.dmg"
Its SHA-1 digest is: 94cab2b4e5d26a284c5d91d0fe4dc20b4e9cfc97
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: 9.7.0.1012
wsBVAwUBSD3jX3kodeiKZIkBAQhb6AgAwkjFq67NbZHBAE6dPYWZA6znZu5cv4wg
0lV0S2/BJ+lWwzwOcPrpEXAvVtv0TM4r4/vudd0QrFrpav0gAJotYJj/Ge8utevx
8TSqp7oOpSF4e4k67P61wY6N3f4/mSlBan0iL+UT1hUwK4ADJPRy3UI17hrN+eYW
+4JioCK71ILL8ndnjdmPnbDjZZr6ayvBCMlgopQZWWthWSNOj5saUGGw/8oQOlt8
hAkD+9RgFu4KdsVuK14O3WQ6Rou+PAgWOq9wel9S16UHjPa3ruy4zbYbiHDY6Owe
RR24opLOW5xhg9JwuFEuCqdnIBG4asb79wJ59y0VV4ninijEJElWpA==
=erRU
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce(a)lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/site_archiver%40li…
This email sent to site_archiver(a)lists.apple.com
1
0
site_archiver(a)lists.apple.com
Delivered-To: security-announce(a)lists.apple.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In accordance with established policy, we update the Apple Product
Security PGP key every two years.
Key information will be available from our web site at:
http://www.apple.com/support/security/pgp/
Here is our new PGP key which is effective immediately and valid
until May 15, 2010.
Key ID: 0x8A648901
Key Type: RSA
Expires: 5/15/10
Key Size: 2048/2048
Fingerprint: 39EC C76A 3D62 7062 C321 10B2 7928 75E8 8A64 8901
UserID: Apple Product Security
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 9.7.0.1012
mQENBEgoyd8BCADVztyF54QoqSIHwlcS4xjh0M3b2BwhNZfeeH+szSgnAsEB/WXD
xGIcDx9x5dX5WmdrAhGzTzrbr2nLeY5ldMfEMj+L9v6POINFaKFFMhMfIh5F4xDT
Wj2v57JpX/LtGul7rzvBJuKsMQy6EzMwUK4lPf0tp7Us2qga+w7FqLt+yaCgCngR
UsTG8jPW1JCfErQfWYwg8hXVQi9kQ9qWB9IDOb6b/VJrm+eL2h0hh9i8Qbr0cggL
CYPgc580hhNYEFcBkELDgIajMiF64WbBCu6Re7eW3tLTKH/gFBjQg0po6eo38CsM
1cJ20Ki8j41JdGg05BelSc3znHfuHEPtk2YjABEBAAG0M0FwcGxlIFByb2R1Y3Qg
U2VjdXJpdHkgPHByb2R1Y3Qtc2VjdXJpdHlAYXBwbGUuY29tPokBjQQQAQIAdwUC
SCjJ8wUJA8ZbgDAUgAAAAAAgAAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdw
LmNvbXBncG1pbWUHCwkIBwMCCgIZARkYbGRhcDovL2tleXNlcnZlci5wZ3AuY29t
BRsDAAAAAxYCAQUeAQAAAAQVCAkKAAoJEHkodeiKZIkBP/IIAJQGeYkXyVGQv6cz
Nnmcc9DTomofZGTlh1lIzpfI0Q9fC/yb39Ak4MbPzRQSxpL8DhuTBKKFymi6w3jy
6hibVZQpxPuKiAKDOVrODQZ5A+yzKYQXCLNKwLDYPyIWNdH6QSnb6LNsV2kYCuak
rsgQSPUzHYW8GZ6Lf/p7jatt90AjW6Y1E9tQZos2UyuzgRa3/H4cIw7QlyxBqEKN
Aeh3Ki2uiWXiMpBZRV/mmrPh1pHxCZNwgnMEif9AYWEfhHMp4IpWxmx1Y5zb4Ut6
C4GP6o49+I/jKQbGPnUrt9v11Jw3q7qtn7OFJYDLaOKuDjdUxAsX2U+/aCGitPYK
5WS0/cmJARUDBRBIKMunyACiq7hGnm0BAi7nB/97vikdsaUUlakughB9936ydx2M
yt/pzzHvMFalixy7nPp955M09aDzKL51/oUVEch1oa8pGwT0coA4EKB/1KgLdlW2
3R1/Y2jKNI2d5i3g3SX+1M8ONvNLSBFllNbA8EfaAjEKjtS5qHLPD31sDIyR9XCZ
lL+bWIET28lkux7hLD+bb5zJRJ+tpPpQj5LPgaBAN6VJotIYOsdKAuBM5Iy3t7C2
brupn1ubkUVf9SZ59gsISLgJjwp/lqtow9WMLUs9XMFWlp/o8yarkliVTT8YN6p6
WJCRdHJ8RLGdakEdEodX0bHhlffuDQ46CoJwLyZOqtmVU8AFsAdzWL+mE399uQEN
BEgoyeABCADQSbcg1uQJngtYops0sGgQA5YBASXZ5tOlcFtezve1QTB1x2kRLBJs
v6pcR2g5JG3evpqYCv/CcZKVp4PGC2oOOyVDV5rhIRneCJt+mjVFPAwnf3qk1IDJ
hKPCzp1cRvyD1Jy+43ziKtoR1eUWYMVlB4ZpUV+maSqbFPK2SWYhp3XVpQd0rAKN
jRWs5MdBUMBLNwE9uMWZjXDk1vpwUKcplucdIz2x9vAjHlCwH7bzA0acbxyrOIP7
xNS+RhTw4+wneHCnhKrXFzx1ulmKKeCM2nzRcBK6XQjGpLRn7iI36aLZIkNy0Cj7
/yUosFli/TaCkEpDSfVU2UKYuxwZm5lbABEBAAGJAkcEGAECATEFAkgoyeEFCQPG
W4AFGwwAAADAXSAEGQEIAAYFAkgoyeAACgkQ6qGgRm6t5zGG5Qf/UjH1uYLUhvvK
oO/R5fxtB6Ccvwdu1p/5Bu9Pj7KfR3RPfZUvDApvAuYjAWcZ9UhXtTSb7pmUoksS
oVLcb0lvT1PjWrXi2Xi3bEOFcunqgymCNor9AqgjKf+3bRBm54Tm7uW8EktZk4xX
B0XXe3P8jFkdrkKjtAQYcnypCSkDUnAiwcm3NbRv9tqMiyIp6X7lfuHZ38H6XsbP
jp5eWI4fesq9kcumwNHszmjfthyKrClBCACtqZBMU2ws1cluIzjOA07tGhPaTb4l
crXpkWjQmIXDu6kC0wo5Js2wtLk+UIl8SH2Bt7tenKZPBdlRYCPhws6nc4UGxSz4
vF0gkWBMwwAKCRB5KHXoimSJAf1aCACQKb6IHtEuAS5yGT6rFMI7fQDDaZxFolyP
2oF/h2Y+Q5uBn2eh3o2MzJ6wSAk8CIk4bb0bys4DyzAmUJlmiSgl+HL85urQJf7o
PG5JtXTx5LCNGfJBiKUnLu50ROes0cZtFwd8rhQbGeuHOZQ6MgLQbVShVidrI1GE
wtpLE48BEuzRQGeSXQPJLe3HpdxdF+jVAPvNoDLY1nScT9yR6+kD0v4gZq9IoDwC
DBDti1hpukhEPLrGNGX4vrE0Dvpp0MXtQX3QBYh8eIrst/f/ZwFxzIG8Zia2slHb
oHaPysmoTlQM1gCGkcyEwGlZWpaMpSp37Om7ig14xw68vdKXVUkz
=eeVl
- -----END PGP PUBLIC KEY BLOCK-----
This message is signed with the current key, which can be obtained
from:
http://www.apple.com/support/security/pgp/archive/
Apple Product Security team
http://www.apple.com/support/security/
-----BEGIN PGP SIGNATURE-----
Version: 9.7.0.1012
wsBVAwUBSCjupMgAoqu4Rp5tAQgK2gf+M39rtHuNxeckE8WnPhiOWd6cBy5Xl6xU
LHHYcUs1/0nouIL7zkQ9rbIV29iDsjMroz+qeZOCp8KUohFF2MZLN+J8N7cefSfr
b55zhFGqkwmsaNb9Fz7OdX7ML2JZYirLw5b/mqdQoYqGlRuHzcMDuhmskILCYXqb
D63RUcXXnFMabAybJAXqs7lYPxhNO0AdCsceVvPkaGHu23n5RPJLT9dq+Cc0mqlT
TyzklycFgahXRlbzL5OUs+GyOWnbluTOEIgSVsCZFjJZkjbHa4BxRwR6AbfUuCyg
ANPhtc8agySNW/+Nu9aTRHo7RDzPvqsBbRxdA708SI9SDbNIrqqxvw==
=jHUp
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (Security-announce(a)lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/site_archiver%40li…
This email sent to site_archiver(a)lists.apple.com
1
0