The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Apple has released iOS 4.2 for the iPhone, iPod Touch, and iPad to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple article HT4456 and update to iOS 4.2 to mitigate the risks.
Apple has released Safari 5.0.3 and 4.1.3 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4455 and apply any necessary updates to help mitigate the risks.
As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness.
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include but are not limited to the following: