The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100414-csd and apply any necessary updates to help mitigate the risks. Cisco has provided a workaround for users who are unable to apply the update. Additionally, users and administrators may want to review and implement the best security practices described in the Securing Your Web Browser document to help prevent future, similar attacks.
Apple has released security update 2010-003 to address a vulnerability in the ATS package. This vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Apple article HT4131 and apply any necessary updates to help mitigate the risks.
Oracle has released its Critical Patch Update for April 2010 to address 47 vulnerabilities across several products. This update contains the following security fixes:
- 7 for Oracle Database Server
- 5 for Oracle Fusion Middleware
- 1 for Oracle Collaboration Suite
- 8 for Oracle Application Suite
- 4 for PeopleSoft and JD Edwards Suite
- 6 for Oracle Industry Applications
- 16 for Sun Products