Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
May 2009
 Right Arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    May 15, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    May 13Adobe Releases Security Updates for Adobe Reader and Acrobat
    May 13Apple Releases Security Update 2009-002, Mac OS X v10.5.7 and Safari 3.2.3
    May 13Microsoft Releases May Security Bulletin
    May 7Microsoft Releases Advance Notification for May Security Bulletin
    May 7Adobe Releases Security Bulletin for Flash Media Server
    April 30Symantec Releases Security Advisories
    April 29Adobe Reader and Acrobat JavaScript Vulnerabilities
    April 28Swine Flu Phishing Attacks and Email Scams
    April 28Mozilla Foundation Releases Firefox 3.0.10
    April 22Mozilla Foundation Releases Firefox 3.0.9


    Adobe Releases Security Updates for Adobe Reader and Acrobat

    added May 13, 2009 at 09:12 am | updated May 13, 2009 at 04:34 pm

    Adobe has released security updates to address a vulnerability that affects Reader 9.1 and earlier and Acrobat 9.1 and earlier. This vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Adobe Security Bulletin APSB09-06 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-133B.


    Apple Releases Security Update 2009-002, Mac OS X v10.5.7 and Safari 3.2.3

    added May 13, 2009 at 09:12 am | updated May 13, 2009 at 04:33 pm

    Apple has released Security Update 2009-002 and Mac OS X v10.5.7 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, leverage additional attacks, or obtain elevated privileges.

    Additionally, Apple has released Safari 3.2.3 to address vulnerabilities in libxml, Safari, and Webkit. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Apple articles HT3549 and HT3550 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA09-133A.


    Microsoft Releases May Security Bulletin

    added May 12, 2009 at 01:35 pm | updated May 13, 2009 at 04:32 pm

    Microsoft has released an update to address a vulnerability in Microsoft Office as part of the Microsoft Security Bulletin Summary for May 2009. By convincing a user to open a specially crafted PowerPoint file, an attacker may be able to execute arbitrary code.

    US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine if the update should be applied. Additional information regarding this vulnerability can be found in Technical Cyber Security Alert TA09-132A.


    Microsoft Releases Advance Notification for May Security Bulletin

    added May 7, 2009 at 02:58 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled for Tuesday, May 12.

    US-CERT will provide additional information as it becomes available.


    Adobe Releases Security Bulletin for Flash Media Server

    added May 7, 2009 at 02:30 pm

    Adobe has released Security Bulletin APSB09-05 to address a potential vulnerability in versions of Flash Media Server up to and including version 3.5.1. This vulnerability may allow an attacker to "execute remote procedures within a server side ActionScript file running on a Flash Media Server." According to Adobe, this issue affects versions of Flash Media Interactive Server and Flash Media Streaming Server.

    US-CERT encourages users to review Adobe Security Bulletin APSB09-05 and upgrade to the most current version of Flash Media Server.


    Symantec Releases Security Advisories

    added April 30, 2009 at 04:03 pm

    Symantec has released three security advisories to address multiple vulnerabilities in Symantec Alert Management System, Log Viewer, and Reporting Server. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security mechanisms, or leverage phishing attacks.

    US-CERT encourages users and administrators to review the following Symantec Security Advisories and apply any necessary updates or workarounds to help mitigate the risks:

    US-CERT also encourages users to continue following the best practices provided in the advisories to minimize future risks.


    Adobe Reader and Acrobat JavaScript Vulnerabilities

    added April 28, 2009 at 12:34 pm | updated April 29, 2009 at 03:57 pm

    US-CERT is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

    US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

    1. Open the General Preferences dialog box
    2. From the Edit menu, select Preferences and then choose JavaScript
    3. Un-check Enable Acrobat JavaScript
    Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. US-CERT will provide additional information as it becomes available.


    Swine Flu Phishing Attacks and Email Scams

    added April 27, 2009 at 03:04 pm | updated April 28, 2009 at 04:42 pm

    US-CERT is aware of public reports of email scams circulating related to the Swine Flu. The attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code.

    US-CERT encourages users to take the following measures to protect themselves:

    UPDATE: Due to these potential phishing attacks and email scams, US-CERT encourages users to visit the Center for Disease Control (CDC) website for trusted information regarding the Swine Flu.


    Mozilla Foundation Releases Firefox 3.0.10

    added April 28, 2009 at 08:03 am

    Mozilla Foundation has released Firefox 3.0.10 to address a memory corruption vulnerability. Exploitation of this vulnerability may result in a denial-of-service condition.

    US-CERT encourages users and administrators to review Mozilla Foundation Security Advisory MFSA 2009-23 and update to Firefox 3.0.10 to help mitigate the risk.


    Mozilla Foundation Releases Firefox 3.0.9

    added April 22, 2009 at 08:07 am

    Mozilla Foundation has released Firefox 3.0.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, leverage additional attacks, or obtain sensitive information. The Mozilla Foundation security advisories indicate that many of these vulnerabilities also affect SeaMonkey and Thunderbird.

    US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories website for more information about the vulnerabilities and upgrade to Firefox 3.0.9 to help mitigate the risks.