The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.
US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.
For more details, please see VU#222929.
Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution.
Updates available include:
- Chrome 34.0.1847.131 for Windows and Mac.
- Chrome 34.0.1847.132 for Linux.
- Chrome 34.0.1847.134 for Chrome OS devices, except HP Chromebook Pavillion.
Users and administrators are encouraged to review the Google Chrome release blog entries and apply the necessary updates.
Apple has released firmware update 7.7.3 for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The update addresses the OpenSSL "Heartbleed" vulnerability where an attacker may obtain memory contents.
US-CERT recommends that users and administrators review Apple Security Update HT6203 and apply the necessary update.