U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Fraudulent SSL Certificates

US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates.

Mozilla has updated Firefox 4.0, 3.6, and 3.5. Additional information can be found in the Mozilla Security Blog.

Microsoft has released updates for various platforms in Microsoft Knowledge Base Article 2524375. Additional information can be found in Microsoft Security Advisory 2524375.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-06 and apply any necessary updates to help mitigate the risks.

Apple Releases Security Updates

Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT4581 and apply any necessary updates to help mitigate the risks.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top