site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2008-09-16 Apple Remote Desktop 3.2.2 Apple Remote Desktop 3.2.2 is now available and addresses the following issue: Apple Remote Desktop CVE-ID: CVE-2008-2830 Available for: Apple Remote Desktop 3.2.1, Mac OS X v10.3 through v10.5.5, Mac OS X Server v10.3 through v10.5.5 Impact: A local user may execute commands with elevated privileges unless Security Update 2008-005 has been installed Description: A design issue exists in the Open Scripting Architecture libraries when determining whether to load scripting addition plugins into applications running with elevated privileges. This update mitigates the issue for Apple Remote Desktop by disabling scripting of ARDAgent. This issue does not affect systems that have installed Security Update 2008-005. Credit to Charles Srstka for reporting this issue. Apple Remote Desktop 3.2.2 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Apple Remote Desktop 3.2.2 Client The download file is named: "RemoteDesktopClient.dmg" Its SHA-1 digest is: b1a81f17724d9b2f7b6dbffed56bc9a0463d1d7e For Apple Remote Desktop 3.2.2 Admin The download file is named: "RemoteDesktopAdmin322.dmg" Its SHA-1 digest is: d9657c10ed4bc29cfe8cc64e0727ffd4ed8a1425 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: 9.7.2.1608 wsBVAwUBSNAXqHkodeiKZIkBAQgxtAf+NaV7B6mvvrRz3rzYmsqXeoZ5wGe2kbk5 cQA1n0glYAMF1W7r3x2YOWrRSBsMcbeupjkXJnx4OX9UCnuBIC/+6ZuMUgVSOix8 Z565sy9DESdN2OsnDT12RLjHKoQ/gy5g3tTlSifdT70+e3S7vRBmYWSIQRnZQam1 ri+G67cNds6AZZpi9H8Jkmq4uhQrpJDJoqrm4amI70iTx82ljHCm07l0lS2DF5b+ 939E3xeZVWQLHZPCGpuDFBlufefVYeN7pJddwwOJ3pPZLLc1U7nkad0Bt/KB8j0/ GhXwvMeJMbz52EBc9TEEWgCt2A9C9WeDZogZCR0HKSgD9D2Uh+tEIg== =ykeB -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com