U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases iTunes 9.2.1

Apple has released iTunes 9.2.1 to address a vulnerability. This vulnerability is due to improper handling of itpc URLs. itpc is the protocol used by Apple iTunes for handling podcasts. By convincing a user to access a specially crafted itpc URL, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4263 and update to iTunes 9.2.1 to help mitigate the risks associated with this vulnerability.

Microsoft Windows .LNK Vulnerability

US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as "shortcuts," as references to files or applications.

Oracle Releases Critical Patch Update for July 2010

Oracle has released its Critical Patch Update for July 2010 to address 59 vulnerabilities across multiple products. This update contains the following security fixes:

  • 6 for Oracle Database Server
  • 2 for TimesTen In-Memory Database
  • 5 for Oracle Secure Backup
  • 7 for Oracle Fusion Middleware
  • 1 for Oracle Enterprise Manager
  • 7 for Oracle E-Business Suite
  • 2 for Oracle Supply Chain Products Suite
  • 8 for Oracle PeopleSoft and JDEdwards Suite
  • 21 for Oracle Sun Products Suite
US-CERT encourages users and administrators to review the July 2010 Critical Patch Update and apply any necessary updates to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top