The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released a security update to address multiple vulnerabilities in Adobe Shockwave Player 220.127.116.116 and earlier versions for both Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-12 and update to Adobe Shockwave Player 18.104.22.1689 to help mitigate the risks.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.
US-CERT will provide additional information as it becomes available.