U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

Adobe has released a security advisory to alert users of vulnerabilities affecting Adobe Flash Player and Adobe AIR. These vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux, Solaris, Adobe Flash Player 11.0.1.153 for Android, and Adobe AIR 3.0 for Windows, Macintosh, and Android. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to help mitigate the risk.

Fraudulent Digital Certificates Could Allow Spoofing

US-CERT is aware of public reports that DigiCert Sdn. Bhd* has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog.

Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Apple Releases iOS 5.0.1

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5052 and apply any necessary updates to help mitigate the risk.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top