U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases Security Updates for iOS, OS X El Capitan, and Safari

Apple has released security updates for iOS, OS X El Capitan, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • iOS 9.2.1 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later
  • OS X El Capitan 10.11.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2
  • Safari 9.0.3 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 to v10.11.2

Users and administrators are encouraged to review Apple security updates for iOS, OS X El Capitan, and Safari and apply the necessary updates.

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for January 2016 to address 248 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle January 2016 Critical Patch Update and apply the necessary updates.

IRS Releases Ninth Security Tip

The Internal Revenue Service (IRS) has released the ninth in a series of tips intended to help the public protect personal and financial data online and at home. This tip describes new procedures taken by the IRS, state governments, and the tax industry to provide a safer, more secure filing environment for taxpayers. Recommendations include new password standards, security questions, out-of-band email verification, and a lockout feature.

US-CERT encourages users and administrators to review the IRS Security Awareness Tax Tip Number 9 for additional information.

OpenSSH Client Vulnerability

OpenSSH version 7.1p2 has been released to address vulnerabilities in versions 5.4 through 7.1p1. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system.

Users and administrators are encouraged to review the OpenSSH Release Notes and Vulnerability Note VU#456088 and apply the necessary update.

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected device.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

ISC Releases Security Updates

Internet Systems Consortium (ISC) has released security updates to address a vulnerability in the ISC Dynamic Host Configuration Protocol (DHCP) software. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • DHCP version 4.1-ESV-R12-P1
  • DHCP version 4.3.3-P1

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01334 and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top