The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.
ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.
Updates available include:
- BIND 9 version 9.9.7-P2
- BIND 9 version 9.10.2-P3
Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.
Android devices running Android versions 2.2 through 5.1.1_r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device.
Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information. US-CERT recommends affected Android users contact their wireless carrier or device manufacturer for a software update.
A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which connects FCA vehicles to the Internet. Sprint has blocked the port used for attacks. FCA and the National Highway Transportation Safety Administration (NHTSA) have also initiated a safety recall for all potentially affected Chrysler, Dodge, Jeep, and Ram models. See the NHTSA recall announcement for a complete list.
US-CERT recommends that users review ICS Alert 15-203-01 and Vulnerability Note VU#819439 for more information. Uconnect users are encouraged to review the NHTSA recall announcement and apply the software update.
WordPress 4.2.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.
Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.2.3.
Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a denial-of-service condition, or take control of the affected application.
Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.