Current Activity

View Current Activity Feed

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Google Releases Google Chrome 19

added Tuesday, May 15, 2012 at 2:13 pm

Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 19.

Apple Releases Flashback Malware Security Updates

added Monday, April 16, 2012 at 3:11 pm | updated Tuesday, May 15, 2012 at 10:02 am

Apple has released security updates to address Flashback malware in the following products:

  • OS X Lion v10.7.3
  • OS X Lion Server v10.7.3
  • Mac OS X v10.6.8
  • Mac OS X Server v10.6.8

Apple has released a malware removal tool for the most common variant of the Flashback malware. If the malware is discovered, the tool will notify the user and remove it automatically. If the malware is not discovered, no indication will be given.

Update: On May 14, 2012 Apple has released security updates to address Flashback malware in the following product:

  • Mac OS X v10.5 to v10.5.8

US-CERT encourages users and administrators to review articles HT5247, HT5254, and HT5273 and apply any necessary updates to help mitigate the risk.

Apple Releases Multiple Security Updates

added Thursday, May 10, 2012 at 2:30 pm

Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products:

  • Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later
  • OS X Lion v10.7.4 and Security Update 2012-002 for OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3, Mac OS X v10.6.8, Mac OS X Server v10.6.8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review Apple articles HT5281 and HT5282 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Bulletins for Multiple Products

added Wednesday, May 9, 2012 at 12:43 pm

Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected:

  • Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Flash Professional CS 5.5 (11.5.1.349) and earlier versions for Windows and Macintosh
  • Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or take control of an affected system.

US-CERT encourages users and administrators to review the Adobe security bulletin and apply any necessary updates to help mitigate the risk.

Apple Releases iOS 5.1.1

added Tuesday, May 8, 2012 at 04:29 pm

Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address.

US-CERT encourages users and administrators to review Apple Support Article HT5278 and apply any necessary updates to help mitigate the risk.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

Technical Documents