U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Microsoft Internet Explorer Use-After-Free Vulnerability Guidance

US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.

US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

For more details, please see VU#222929.

Google Releases Security Updates for Chrome

Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution.

Updates available include:

  • Chrome 34.0.1847.131 for Windows and Mac.
  • Chrome 34.0.1847.132 for Linux.
  • Chrome 34.0.1847.134 for Chrome OS devices, except HP Chromebook Pavillion.

Users and administrators are encouraged to review the Google Chrome release blog entries and apply the necessary updates.

 

Firmware Update for Apple AirPort Devices

Apple has released firmware update 7.7.3 for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The update addresses the OpenSSL "Heartbleed" vulnerability where an attacker may obtain memory contents.

US-CERT recommends that users and administrators review Apple Security Update HT6203 and apply the necessary update.

For more details and recommended actions regarding the OpenSSL "Heartbleed" vulnerability please see TA14-098A and Heartbleed OpenSSL Vulnerability.pdf

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top