The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities including the Adobe Flash vulnerability described in Adobe Security Advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practices security policies to determine which updates should be applied.
Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment. This vulnerability affects the following Adobe products: