U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases iOS 5.0.1

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5052 and apply any necessary updates to help mitigate the risk.

Google Releases Chrome 15.0.874.120

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.120.

Mozilla Releases Firefox 8 and 3.6.24

The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-services condition, obtain sensitive information, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 8 and Firefox 3.6.24 and apply any necessary updates to help mitigate the risk.

Adobe Releases Security Bulletin for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. These vulnerabilities affect Shockwave Player 11.6.1.629 and earlier versions for the Windows and Macintosh operating systems.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-27 and apply the necessary updates to help mitigate the risk.

Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing

Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code.

Microsoft has indicated that it is aware of targeted attacks exploiting this vulnerability. The Duqu malware may exploit this vulnerability.

UPDATE: Microsoft has provided an update to address this vulnerability in Microsoft Security Bulletin MS11-087.

US-CERT encourages users and administrators to take the following actions to help mitigate the risks of this vulnerability and the Duqu malware:

Microsoft Releases November Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

Additional information regarding the vulnerability identified in Microsoft Security Bulletin MS11-084 can be found in US-CERT Vulnerability Note VU#675073.

Pages

TLP:WHITE

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top