U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases Safari 4.0.5

Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users and administrators to review Apple article HT4070 and upgrade to Safari 4.0.5 to help mitigate the risks.

Microsoft Releases March Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Energizer DUO USB Battery Charger Software Allows Remote System Access

US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows and Apple Mac OS X versions. Only the Windows version is affected by this vulnerability.

US-CERT encourages users and administrators to review Vulnerability Note VU#154421 and apply the recommended solutions.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top