The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Google has released Google Chrome 31.0.1650.48 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition or bypass intended security restrictions.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best practice security policies to determine which updates should be applied.
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe has released updates to the following products:
- Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh
- Adobe Flash Player 22.214.171.1240 and earlier versions for Linux
- Adobe AIR 126.96.36.1990 and earlier versions for Windows and Macintosh
- Adobe AIR 188.8.131.520 and earlier versions for Android
- Adobe AIR 184.108.40.2060 SDK and earlier versions
- Adobe AIR 220.127.116.110 SDK & Compiler and earlier versions
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-26 and apply any necessary updates to help mitigate the risk.
Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh and Linux to address multiple vulnerabilities. This hotfix addresses a reflected cross site scripting vulnerability (CVE-2013-5326) that could be exploited by a remote, authenticated user and a vulnerability (CVE-2013-5328) that could permit unauthorized remote read access.
US-CERT recommends users and administrators review Adobe Security Advisory APSB13-27 and follow best practice security policies to determine if their organization is affected and the appropriate response.