Mac OS X Security Update 2006-008

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is running a version of Mac OS X 10.4 that does not
have Security Update 2006-008 applied.

This update fixes a flaw in QuickTime that may allow a rogue website to
obtain the images rendered on the user screen. By combining this flaw
with Quartz Composer, an attacker may be able to obtain screen shots of
the remote host.

See also :

http://docs.info.apple.com/article.html?artnum=304916

Solution :

Install the security update 2006-008 :

http://www.apple.com/support/downloads/securityupdate2006008universal.html
http://www.apple.com/support/downloads/securityupdate2006008ppc.html

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.9
(CVSS2#E:U/RL:OF/RC:ND)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 23926 (macosx_SecUpd2006-008.nasl)

Bugtraq ID: 21672

CVE ID: CVE-2006-5681