04.22.2011 - Current Activity

This is an archived copy of Current Activity. If you would like to see the most recent version, please click here.

April 22 - Adobe Releases Security Updates for Reader and Acrobat
April 19 - Oracle Releases Critical Patch Update for April 2011
April 19 - Apple Releases iTunes 10.2.2
April 15 - Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
April 15 - Apple Releases Security Updates
April 15 - Google Releases Chrome 10.0.648.205
April 12 - Microsoft Releases April Security Bulletin
April 11 - VideoLAN Issues Security Advisory
April 8 - Microsoft Releases Advance Notification for April Security Bulletin
April 8 - ISC dhclient Vulnerability



Adobe Releases Security Updates for Reader and Acrobat

added April 22, 2011 at 08:33 am

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including the one described in the Flash Player security advisory APSA11-02.  Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-08 and apply any necessary updates to help mitigate the risks.  Additional information regarding these vulnerabilities can be found in the US-CERT Vulnerability Note VU#230057.


Oracle Releases Critical Patch Update for April 2011

added April 15, 2011 at 11:33 am | updated April 19, 2011 at 04:51 pm

Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products.  This update contains the following security fixes:

  • 6 updates for the Oracle Database Server
  • 9 updates for Oracle Fusion Middleware
  • 1 update for Oracle Enterprise Manager Grid Control
  • 4 updates for Oracle E-Business Suite
  • 1 update for Oracle Supply Chain Products Suite
  • 14 updates for Oracle PeopleSoft Products
  • 8 updates for Oracle JD Edwards Products
  • 3 updates for Oracle Siebel CRM
  • 1 update for Oracle Industry Applications
  • 18 updates for Oracle Sun Products Suite
  • 8 updates for Oracle Open Office Suite

US-CERT encourages users and administrators to review the April Critical Patch Update and apply any necessary updates to mitigate the risks. Additional information regarding CVE-2011-0794 and CVE-2011-0808 can be found in US-CERT Vulnerability Note VU#520721.


Apple Releases iTunes 10.2.2

added April 19, 2011 at 07:49 am

Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4609 and apply any necessary updates to mitigate the risks.


Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

added April 12, 2011 at 10:39 am | updated April 15, 2011 at 04:20 pm

Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. This vulnerability affects the following Adobe products:

  • Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Flash Player 10.2.154.25 and earlier versions for Chrome
  • Flash Player 10.2.156.12 and earlier versions for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-07 and upgrade to Adobe Flash Player 10.2.159.1 for Windows, Macintosh, Linux, and Solaris. Google Chrome users should update to Chrome 10.0.648.205 to address this vulnerability. Adobe AIR users are encouraged to update to AIR 2.6.19140. The bulletin indicates that Adobe plans to make updates available for Flash Player for Android no later than the week of April 25, 2011.

Additional information can be found in US-CERT Vulnerability Note VU#230057.


Apple Releases Security Updates

added April 15, 2011 at 09:40 am

Apple has released the following security updates:

Security Update 2011-002 addresses a vulnerability in the Certificate Trust Policy for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, and Mac OS X Server v10.6.7. Exploitation of this vulnerability may allow an attacker to intercept user credentials or obtain sensitive information.

Safari 5.0.5 addresses two vulnerabilities affecting the WebKit package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

iOS 4.2.7 Software Update for iPhone addresses multiple vulnerabilities affecting the Certificate Trust Policy, QuickLook, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, or obtain sensitive information.

iOS 4.3.2 Software Update addresses multiple vulnerabilities affecting the Certificate Trust Policy, libxslt, QuickLook, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users and administrators to review Apple articles HT4608, HT4596, HT4607, and HT4606 and apply any necessary updates to help mitigate the risks.


Google Releases Chrome 10.0.648.205

added April 15, 2011 at 08:18 am

Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities including the Adobe Flash vulnerability described in Adobe Security Advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.


Microsoft Releases April Security Bulletin

added April 12, 2011 at 01:26 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practices security policies to determine which updates should be applied.


VideoLAN Issues Security Advisory

added April 11, 2011 at 09:57 am

VideoLAN has issued a security advisory to alert users to a vulnerability affecting VLC Media Player versions 1.0.0 through 1.1.8. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review VideoLAN Security Advisory 1103 and implement the workarounds provided in the advisory until a fix is available from the vendor.

US-CERT will provide additional information as it becomes available.


Microsoft Releases Advance Notification for April Security Bulletin

added April 8, 2011 at 08:55 am

Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity rating of important and will be for Microsoft Windows, Office, Server Software, and Developer Tools and Software. Release of these bulletins is scheduled for Tuesday, April 12, 2011.

US-CERT will provide additional information as it becomes available.


ISC dhclient Vulnerability

added April 8, 2011 at 08:08 am

The Internet Systems Consortium (ISC) has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine.

US-CERT encourages administrators of this product to review the ISC advisory. Users of ISC DHCP from the original source distribution should upgrade to ISC DHCP version 3.1-ESV-R1, 4.1-ESV-R2, or 4.2.1-P1. Users who obtain ISC DHCP from a third-party vendor, such as their operating system vendor, should check with their software vendor for updated versions.

Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#107886.