The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases Java for Mac OS X 10.5 Update 8 and Java for Mac OS X 10.6 Update 3

Apple has released Java for Mac OS X 10.5 update 8 and Java for Mac OS X 10.6 update 3 to address multiple vulnerabilities affecting the Java package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple articles HT4417 and HT4418 and apply any necessary updates to help mitigate the risks.

Google Releases Chrome 7.0.517.41

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Mozilla Releases Firefox 3.6.11

The Mozilla Foundation has released Firefox 3.6.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.14 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey and are addressed in Thunderbird 3.1.5 and 3.0.9 and SeaMonkey 2.0.9.

RealNetworks Releases Security Update for RealPlayer Vulnerabilities

RealNetworks has issued a Security Update to address multiple vulnerabilities affecting RealPlayer. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the RealNetworks security advisory and apply any necessary updates to help mitigate the risks.

RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review BlackBerry security advisory KB24547 and apply any necessary updates to help mitigate the risks.

Oracle Releases Critical Patch for October 2010

Oracle has released its Critical Patch Update for October 2010 to address 85 vulnerabilities across multiple products. This update contains the following security fixes:

This product is provided subject to this Notification and this Privacy & Use policy.