The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.
The following updates are available:
- OpenSSL 1.0.1k for 1.0.1 users
- OpenSSL 1.0.0p for 1.0.0 users
- OpenSSL 0.9.8zd for 0.9.8 users
Users and administrators are encouraged to review the OpenSSL Security Advisory for additional information and apply the necessary updates.
Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system.
The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file.
US-CERT recommends users and administrators to review the oCERT Advisory for more details.