Microsoft Internet Explorer Use-After-Free Vulnerability Guidance
US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution. US-CERT recommends that users and administrators review Microsoft Security Advisory...
Google Releases Security Updates for Chrome
Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 34.0.1847.131 for Windows and Mac. Chrome 34.0.1847.132 for Linux. Chrome 34.0.1847.134 fo...
Apple Releases Security Updates for OS X, iOS devices, and Apple TV
Apple has released security updates for Mac OS X, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow an attacker to execute arbitrary code, cause application termination, or expose users to covert eavesdropping. Updates available include: Security Update...
Firmware Update for Apple AirPort Devices
Apple has released firmware update 7.7.3 for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The update addresses the OpenSSL "Heartbleed" vulnerability where an attacker may obtain memory contents. US-CERT recommends that users and administrators review Apple Security Updat...
Security Update for Chrome OS
Google has released Chrome 34.0.1847.120 for all Chrome OS devices, except HP Chromebook Pavilion, to address multiple bug fixes, security updates, and feature enhancements. Users and administrators are encouraged to review the Google Chrome release blog entry for additional details. This produc...
Adobe Releases Security Update for Reader Mobile
Adobe has released a security update to address a vulnerability in Adobe Reader Mobile 11.1.3 and earlier versions for Android. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code via a crafted PDF document. US-CERT recommends that users and administrators...
Oracle Releases April 2014 Security Advisory
Oracle has released its Critical Patch Update for April 2014 to address 104 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 20 for Oracle Fusion Middleware 3 for Oracle Hyperion 10 for Oracle Supply Chain Products Suite 8 f...
Easter Holiday Phishing Scams and Malware Campaigns
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include: shipping notifications that may be phishing scams or may contain malware electronic greeting cards that may contain malware requests for charitable contributions that may...
Adobe Releases Security Updates for Flash Player and AIR
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and AIR. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. The following updates are available: Flash Player 13.0.0.182 for Windows and Macintosh Flash...
OpenSSL 'Heartbleed' Vulnerability
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL...
Microsoft Releases April 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code execution. US-CERT encourages users and...
Apple Releases Security Updates for Safari
Apple released Safari 6.1.3 and Safari 7.0.3 for OS X to address multiple vulnerabilities in WebKit. Software memory corruption issues may lead to information disclosure, unexpected application termination, or arbitrary code execution. Users and administrators are encouraged to review Apple Suppo...
Microsoft Releases Security Advisory
Microsoft has released a security advisory for Microsoft Word. A vulnerability exists for remote code execution which could allow an attacker to gain user rights by opening a specially crafted Rich Text Format file. Applying the Microsoft Fix it solution will disable the opening of RTF content...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, execute arbitrary code, or operate wit...
Google Releases Security Updates for Chrome
Google has released security updates to address multiple vulnerabilities in Chrome. Some of these vulnerabilities may lead to memory corruption or arbitrary code execution. Updates available include: Chrome 33.0.1750.154 for Windows. Chrome 33.0.1750.152 for Mac and Linux. Chrome 33.0.1750.152 fo...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address a vulnerability in the Mutt E-mail Client for Ubuntu 13.10, 12.10, 12.04 LTS, and 10.04 LTS. This vulnerability may allow an attacker to take control of a system via a crafted email. Users and administrators are encouraged to review Ubuntu Security...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update to address a critical vulnerability in Adobe Shockwave Player 12.0.9.149 and earlier versions for Windows and Macintosh operating systems. Exploitation of this vulnerability could allow an attacker to remotely take control of the affected system. Users and...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 or earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.341 or earlier versions for Linux. Exploitation of these vulnerabilities could compromise data security in a user...
Security Update for Chrome OS
Google has released Google Chrome 33.0.1750.149 for all Chrome OS devices to address multiple bug fixes, security updates, and feature enhancements. Users and administrators are encouraged to review the Google Chrome release blog entry for additional details. This product is provided subject to...
Security Updates Released for iOS devices and Apple TV
Apple has released security updates for iOS and Apple TV devices to address multiple vulnerabilities, some of which may lead to unexpected system termination or arbitrary code execution. Updates available include: iOS 7.1 for iPhone 4 and later, iPod touch 5th generation and later, or iPad 2 and...
Google Releases Chrome Update
Google has released Google Chrome 33.0.1750.149 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome release blog ent...
Google Releases Update for Chrome
Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review the Google Chrome Release blog ent...
GnuTLS Releases Security Update
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...
Apple Releases OS X Mavericks v10.9.2 and Security Update 2014-001
Apple has released OS X Mavericks v10.9.2 and Security Update 2014-001 to address multiple vulnerabilities for the following versions of OS X: OS X Lion v10.7.5 OS X Lion Server v10.7.5 OS X Mountain Lion v10.8.5 OS X Mavericks v10.9 and v10.9.1 US-CERT encourages users and administrators to revi...
Apple Releases Safari 6.1.2 and Safari 7.0.2
Apple has released Safari 6.1.2 and 7.0.2 for OS X to address multiple vulnerabilities in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT614...
Apple Releases QuickTime 7.7.5
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...
US Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing...
Cisco Releases Security Advisory for Prime Infrastructure Command Execution Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. US-CERT encourages users and administrators to...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google Chrome release blog entry and apply the updat...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged to review the Google Chrome Release...
Cisco UCS Director Default Credentials Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System (UCS) Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation...
Apple Releases Security Updates for iOS devices and Apple TV
Apple has released updates for iOS and Apple TV devices to address a vulnerability that allows an attacker with a privileged network position to capture or modify data in protected SSL/TLS sessions. Updates are available: iOS 6.1.6 for iPhone 3GS and iPod touch 4th generation. iOS 7.0.6 for iPhon...
Multiple Vulnerabilities in Cisco IPS Software
Cisco has released updates to address three vulnerabilities in the Cisco Intrusion Prevention Software (IPS). These vulnerabilities affect multiple versions of Cisco IPS Software on multiple platforms and could allow remote, unauthenticated attackers to cause a Denial of Service condition. US-CERT...
Microsoft Releases Security Advisory for Internet Explorer 9 and 10 Use-After-Free Vulnerability
Microsoft has released Security Advisory 2934088 to address a use-after-free vulnerability in Internet Explorer 9 and 10, which can be used by a remote attacker to take control of a vulnerable system. US-CERT and Microsoft are aware of targeted attacks currently exploiting this vulnerability. Use...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.44 or earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 or earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affected...
Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild
An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this exploit by using Microsoft's EMET utility,...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update to address a vulnerability in Adobe Shockwave Player 12.0.7.148 and earlier versions for Windows and Macintosh operating systems. Exploitation of this vulnerability could allow an attacker to take control of the affected system. US-CERT recommends that users a...
Microsoft Releases February 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Security Software, and Microsoft .NET Framework as part of the Microsoft Security Bulletin Summary for February 2014. These vulnerabilities could allow remote code execution, elevation of...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 27 Firefox ESR 24.3 Thunderbird 24.3 Seamonkey 2.24 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affect...
Google Releases Google Chrome Update
Google has released Google Chrome 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or bypass intended security restrictions. US-CERT encourages users and administrators to...
Apple Releases iTunes 11.1.4
Apple has released a security update for Apple iTunes 11.1.4 to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT6001 and...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service (DoS) condition. These vulnerabilities affect the following: Cisco...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Cisco Releases Security Advisory for Cisco Secure Access Control System
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System (ACS). These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated User Access Vulnerability Cisco Secure ACS...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory that addresses Adobe® Flash® remote code execution vulnerabilities that affect BlackBerry® Z10, BlackBerry® Q10 smartphone and BlackBerry® PlayBook™ tablet customers. These vulnerabilities could potentially allow an attacker to execute code with the...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows, Macintosh, Adobe Flash Player 11.2.202.332, and Linux to address multiple vulnerabilities that may allow an attacker to take control of the affected system. Affected software versions: Adobe...
Oracle Releases January 2014 Security Advisory
Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 22 for Oracle Fusion Middleware 2 for Oracle Hyperion 4 for Oracle E-Business Suite 16 for Oracle...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat XI 11.0.05 and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions: Adobe Reader XI 11.0.05 and earlier 11.x versions for Windows and Macintosh Adobe Reader X 10.1...