August 19, 2009 - Current Activity

Cisco Releases Security Advisory for Firewall Services Module Vulnerability

Cisco has released a security advisory to address a vulnerability in the Firewall Services Module (FWSM) for the Catalyst 6500 series switches and the 7600 series routers. By sending specially crafted ICMP messages to the Firewall Services Module, an attacker can cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20090819-fwsm and apply any necessary updates or workarounds to help mitigate the risks.

Adobe Releases Hotfixes for ColdFusion and JRun Vulnerabilities

Adobe has released hotfixes to address multiple vulnerabilities in JRun 4.0 and ColdFusion 8.0.1 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or operate with escalated privileges.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-12 and apply any necessary hotfixes to help mitigate the risks.

Apple Releases Safari 4.0.3

Apple has released Safari 4.0.3 for Windows and Mac OS X to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or spoof a website.

US-CERT encourages users and administrators to review Apple article HT3733 and upgrade to Safari 4.0.3 to help mitigate the risks.

Microsoft Releases August Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, Visual Studio, ISA Server, BizTalk Server, Remote Desktop Connection Client for Mac, and .NET Framework as part of the Microsoft Security Bulletin Summary for August 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. Additional information regarding these vulnerabilities can be found in US-CERT Technical Cyber Security Alert TA09-223A.

Apple Releases Mac OS X v10.5.8 and Security Update 2009-003

Apple has released Mac OS X v10.5.8 and Security Update 2009-003 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security mechanisms, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3757 and apply any necessary updates to help mitigate the risks. Additional information can be found in US-CERT Technical Cyber Security Alert TA09-218A.

Microsoft Releases Advance Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that the August release cycle will contain nine bulletins, five of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Office, Visual Studio, ISA Server, BizTalk Server, Windows, and Client for Mac. There will also be four important bulletins for Microsoft Windows and .NET Framework. Release of these bulletins is scheduled for Tuesday, August 11.

US-CERT will provide additional information as it becomes available.

Sun Releases Update 15 for Java SE 6

Sun has released update 15 for the Java SE JDK 6 and the Java SE JRE 6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or bypass authentication methods.

US-CERT encourages users and administrators to review the Java SE 6 Update 15 release notes and apply any necessary updates to help mitigate the risks.

Mozilla Releases Firefox 3.0.13 and Firefox 3.5.2

The Mozilla Foundation has released Firefox 3.0.13 and Firefox 3.5.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, display misleading SSL information about a web page, intercept and modify encrypted communication, execute arbitrary JavaScript with chrome privileges, or cause a denial-of-service condition.

US-CERT encourages users to review the Mozilla Foundation security advisories for Firefox 3.0 and Firefox 3.5 and apply any necessary updates or workarounds to help mitigate the risks.

US-CERT will provide more information as it becomes available.

Apple Releases iPhone OS 3.0.1

Apple has released iPhone OS 3.0.1 to address a vulnerability in the CoreTelephony component. By sending a specially crafted SMS message to a user, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users review Apple article HT3754 and apply any necessary updates to help mitigate the risk.

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released Reader 9.1.3 and Acrobat 9.1.3 to address a vulnerability. By convincing a user to open a PDF document embedded with a specially crafted SWF file, an attacker may be able to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-10 and apply any necessary updates to help mitigate the risks. Additional information regarding this vulnerability can be found in US-CERT Technical Cyber Security Alert TA09-204A.