The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Apple has released security updates for Safari 6.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, cause information disclosure, or create a cross-site scripting condition.
Safari 6.1 WebKit updates are available for the following versions:
- OS X Lion v10.7.5
- OS X Lion Server v10.7.5
- OS X Mountain Lion v10.8.5
US-CERT encourages users and administrators to review Apple Support Article HT6000 and follow best practice security policies to determine if their organization is affected and the appropriate response.
US-CERT is aware of reports that the firmware for various D-Link routers contains a backdoor that allows unauthenticated remote users to bypass the routers' password authentication mechanism. An unauthenticated remote attacker can take any action as an administrator using the remote management web server.
D-Link is maintaining a page to inform users of this issue and provide updates as patches are released.
For more information, please see Vulnerability Note VU#248083.
Google has released Google Chrome 30.0.1599.101 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or trigger multiple conflicting uses of the same object.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 30.0.1599.101.