This document describes Security Update 2007-004 v1.1, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see "Apple Security Updates."
Security Update 2007-004 v1.1 includes the contents of Security Update 2007-004, plus the following fixes:
AirPort
Available for: Mac OS X v10.3.9
This update corrects an issue where the AirPort connection may be lost after waking from sleep. This issue only affects Mac OS X v10.3.9 with Security Update 2007-004.
FTPServer
CVE-ID: CVE-2007-0745
Available for: Mac OS X Server v10.4.9
Impact: Users with ftp access may be able to navigate to directories outside the normal scope
Description: Security Update 2007-004 applied an incorrect ftp configuration file for Mac OS X Server v10.4.9 systems. Users with ftp access, who would normally be restricted to certain directories, may be able to access directories outside the normal scope. This update addresses the issue by restoring the correct version of the ftp configuration file. This issue only affects Mac OS X Server v10.4.9 with Security Update 2007-004.
Mac OS X 10.4.9 (client) and Mac OS X Server 10.3.9 systems that have installed Security Update 2007-004 do not require Security Update 2007-004 v1.1. If the security update has not yet been installed on these systems, then they should be updated using Security Update 2007-004 v1.1.