The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.
US-CERT encourages users and administrators to review the Mozilla Foundation security advisories released on July 20, 2010, and apply any necessary updates to help mitigate the risks.
Apple has released iTunes 9.2.1 to address a vulnerability. This vulnerability is due to improper handling of itpc URLs. itpc is the protocol used by Apple iTunes for handling podcasts. By convincing a user to access a specially crafted itpc URL, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4263 and update to iTunes 9.2.1 to help mitigate the risks associated with this vulnerability.
US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as "shortcuts," as references to files or applications.