The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released a security update to address multiple vulnerabilities affecting Shockwave Player 184.108.40.2069 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-20 and upgrade to Adobe Shockwave Player 220.127.116.112 to help mitigate the risks.
Apple has released security update 2010-005 to address multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain.
US-CERT encourages users and administrators to review Apple article HT4312 and apply any necessary updates to help mitigate the risks.
Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries (DLLs). If an application does not securely load DLL files, an attacker may be able to cause the application to load an arbitrary library. By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code or elevation of privileges.
At this time, US-CERT is aware of reports of publicly available exploit code for this vulnerability.