The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system.
Updates available include:
- OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 and v10.10.1
- Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.1
- iOS 8.1.3 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
- Apple TV 7.0.3 for Apple TV 3rd generation and later
The Linux GNU C Library (glibc) versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu, Red Hat, and Debian. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.
Adobe has released Flash Player desktop version 188.8.131.526 to address a critical vulnerability (CVE-2015-0311) in 184.108.40.2067 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.