07.09.2010 - Current Activity
This is an archived copy of current activity, if you would like to see the most recent version, please click here.
Oracle Critical Patch Update Pre-Release Announcement
added July 9, 2010 at 03:14 pm
Oracle has issued a critical patch update pre-release announcement indicating that its July release will contain 59 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 13, 2010.
US-CERT encourages users and administrators to review the pre-release announcement; US-CERT will provide updates as they become available.
Microsoft Releases Advance Notification for July Security Bulletin
added July 8, 2010 at 03:51 pm
Microsoft has issued a Security Bulletin Advance Notification, indicating that its July release will contain four bulletins. Three bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining bulletin will have the severity rating of important and will be for Microsoft Office. Release of these bulletins is scheduled for Tuesday, July 13, 2010.
US-CERT will provide additional information as it becomes available.
Google Releases Chrome 5.0.375.99
added July 7, 2010 at 08:46 am
Google has released Chrome 5.0.375.99 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Adobe Releases Update for Adobe Reader and Adobe Acrobat
added June 29, 2010 at 02:03 pm
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions:
- Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
- Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB10-15 and apply any necessary updates to help mitigate the risks.
Google Releases Chrome 5.0.375.86
added June 25, 2010 at 08:02 am
Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 5.0.375.86 to help mitigate the security risks.
Apple Releases iOS 4
added June 23, 2010 at 09:26 am
Apple has released iOS 4 for iPhone 3G and later, and iPod touch (2nd generation) and later, to address multiple vulnerabilities across several packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.
US-CERT encourages users and administrators to review Apple article HT4225 and update to iOS 4 as necessary to help mitigate the risks.
Mozilla Releases Firefox 3.6.4
added June 23, 2010 at 08:32 am
The Mozilla Foundation has released Firefox 3.6.4 and Firefox 3.5.10 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.
US-CERT encourages users and administrators to review the security advisories for Firefox 3.6 and Firefox 3.5 and apply any necessary updates to help mitigate the risks.
Apple Releases iTunes 9.2
added June 17, 2010 at 08:19 am
Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4220 and apply any necessary updates to help mitigate the risks.
Apple Releases Security Update 2010-004 and Mac OS X v10.6.4
added June 16, 2010 at 09:54 am
Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct man-in-the-middle attacks, alter configuration settings, or conduct cross-site scripting attacks.
Note that these Apple updates include Adobe Flash Player plugin version 10.0.45.2, which contains vulnerabilities previously identified in Adobe Security Bulletin APSB10-14. The Adobe Product Security Incident Response Team (PSIRT) has published a blog entry recommending that Mac OS X users upgrade to the latest version of the Flash Player (version 10.1.53.64) after applying these Apple updates.
US-CERT encourages users and administrators to review Apple Article HT4188 and the Adobe PSIRT blog entry and apply any necessary updates to help mitigate the risks.
Adobe Releases Flash 10.1
added June 10, 2010 at 08:00 pm
Adobe has released a Security Bulletin to address vulnerabilities in Adobe Flash Player 10.0.45.2 and earlier versions and in Adobe AIR 1.5.3.9130 and earlier versions. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB10-14 and to update to Adobe Flash Player 10.1 to help mitigate the risks.