The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple article HT4581 and apply any necessary updates to help mitigate the risks.
Adobe has released an update for Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service attack or execute arbitrary code.
US-CERT encourages users and administrators to review Adobe Security Advisory APSB11-05 and apply any necessary updates to help mitigate the risks.
US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.
This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks; this method of attack is able to bypass this security mechanism.
US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks: