Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.

Oracle Releases Sun Java SE 1.6.0_20

Oracle has released Sun Java SE 1.6.0_20 to address several vulnerabilities. The release notes for this version of Java SE indicate that these vulnerabilities are in Java Deployment Toolkit and the new Java Plug-in. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the following documents and apply any necessary updates or workarounds to help mitigate the risks:

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability in Cisco Secure Desktop. Cisco Secure Desktop contains a vulnerable ActiveX control that may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100414-csd and apply any necessary updates to help mitigate the risks. Cisco has provided a workaround for users who are unable to apply the update. Additionally, users and administrators may want to review and implement the best security practices described in the Securing Your Web Browser document to help prevent future, similar attacks.

Apple Releases Security Update 2010-003

Apple has released security update 2010-003 to address a vulnerability in the ATS package. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Apple article HT4131 and apply any necessary updates to help mitigate the risks.

Oracle Releases Critical Patch Update for April 2010

Oracle has released its Critical Patch Update for April 2010 to address 47 vulnerabilities across several products. This update contains the following security fixes:

  • 7 for Oracle Database Server
  • 5 for Oracle Fusion Middleware
  • 1 for Oracle Collaboration Suite
  • 8 for Oracle Application Suite
  • 4 for PeopleSoft and JD Edwards Suite
  • 6 for Oracle Industry Applications
  • 16 for Sun Products

US-CERT encourages users and administrators to review the April 2010 Critical Patch Update and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Updates for Adobe Reader and Acrobat

Adobe has released security updates to address multiple vulnerabilities that affect the following:

  • Adobe Reader 9.3.1 and earlier
  • Adobe Acrobat 9.3.1 and earlier
  • Adobe Reader 8.2.1 and earlier
  • Adobe Acrobat 8.2.1 and earlier

These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-09 and apply any necessary updates to help mitigate the risks.

Microsoft Releases April Security Bulletin

Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Exchange as part of the Microsoft Security Bulletin Summary for April 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, cause a denial-of-service condition, or spoof an IPv4 address to bypass filtering devices.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.