U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Safari Vulnerability

US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.

US-CERT encourages users and administrators to disable JavaScript as detailed in the Securing Your Web Browser document until a fix is provided by the vendor. Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.

US-CERT will provide additional information as it becomes available.

Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulletins is scheduled for Tuesday, May 11, 2010.

US-CERT will provide additional information as it becomes available.

Foxit Releases Foxit Reader 3.3

The Foxit Corporation has released Foxit Reader 3.3 for Windows. This release of Foxit Reader contains a component called Trust Manager. Foxit Reader release notes indicate that the Trust Manager enables users to allow or deny unauthorized actions and data transmission, including URL connection, attachments PDF action, and JavaScript. This addresses the vulnerability in the PDF specification /Launch function.

US-CERT encourages users and administrators to review the Foxit Reader 3.3 release notes and upgrade to Foxit Reader 3.3 to help mitigate the risks associated with the PDF specification /Launch function vulnerability. Additional information regarding the /Launch function vulnerability can be found in the Vulnerability Notes Database.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top