RIM Releases Security Advisory for BlackBerry PlayBook

RIM has released a security advisory to address vulnerabilities in the Adobe Flash Player version included with the BlackBerry PlayBook tablet software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users and...

Google Releases Chrome 12.0.742.100

Google released Chrome 12.0.742.100 for Windows, Mac, Linux, and Chrome Frame to address a critical vulnerability in the Flash player plug-in. This vulnerability could allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review the Google Chrome...

Adobe Releases Security Bulletin for Critical Vulnerability in Flash Player

Adobe has released security bulletin APSB11-18 to alert users of a critical vulnerability in Adobe Flash Player. The following versions are affected: 10.3.181.23 and earlier for Windows, Macintosh, Linux, and Solaris 10.3.185.23 and earlier for Android Adobe indicates that it has received reports...

Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player

Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...

Microsoft Releases June Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET framework, Microsoft Silverlight, Microsoft Forefront Threat Management Gateway, and Internet Explorer as part of the Microsoft Security...

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader 10.0.1 and earlier versions for Windows, Adobe Reader 10.0.3 and earlier versions of Macintosh, and Adobe Acrobat 10.0.3 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...

Google Chrome Releases 12.0.742.91

Google has released Chrome 12.0.742.91 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

VMware Releases Security Advisory

VMware has released security advisory VMSA-2011-0009 to address multiple vulnerabilities in the following products: VMware Workstation 7.1.3 and earlier VMware Player 3.1.3 and earlier VMware Fusion 3.1.2 and earlier ESXi 4.1 without patch ESXi410-201104402-BG ESXi 4.0 without patch...

Adobe Releases Security Update for Flash Player

Adobe has released security bulletin APSB11-13 to address a vulnerability in Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux, and Solaris, and 10.3.185.22 and earlier versions for Android. Exploitation of this vulnerability may allow an attacker to conduct a cross-site...

VideoLAN Releases VLC Media Player 1.1.10

VideoLAN has released VLC Media Player 1.1.10 to address an integer overflow vulnerability in the xspf demuxer. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the release notes for VLC Media Player 1.1.10 a...

Oracle Releases Critical Patch Update for June 2011

Oracle released its June Critical Patch Update CPU containing 17 security fixes for the following products: JDK and JRE 6 Update 25 and earlier for Windows, Solaris, and Linux JDK and JRE 5.0 Update 29 and earlier for Windows, Solaris, and Linux SDK and JRE 1.4.231 and earlier for Windows, Solari...

Gmail Phishing Attack

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that...

Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for four products to address multiple vulnerabilities. These products include Cisco Unified IP phones, Cisco Network Registrar, Cisco AnyConnect Secure Mobility Client, and Cisco Media Experience. Exploitation of the vulnerabilities may allow an attacker to...

Apple Releases Malware Detection Tool

Apple has released Security Update 2011-003 for Mac OS X in response to the recent Mac fake anti-virus software. This update: adds a malware definition to the File Quarantine application causes the File Quarantine application to automatically update its malware definition list daily removes...

Internet System Consortium releases BIND patches

The Internet System Consortium has released updates for BIND to address a vulnerability in BIND versions 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, and 9.8.0 and later. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition...

Cisco Releases Security Advisory for Cisco Internet Streamer

Cisco has released a security advisory to address a vulnerability in the web server component of the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users a...

WordPress Releases Version 3.1.3

WordPress has released WordPress 3.1.3 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.3 and apply any necessary updates t...

Apple Mac Defender, MacProtector, and MacSecurity Fake Anti-Virus Software

Apple has released a security advisory related to the recent Mac fake anti-virus software. The most common names for this fake anti-virus software are MacDefender, MacProtector, and MacSecurity. This fake anti-virus software is the result of a phishing scam targeting Mac users that redirects them...

Google Chrome Releases 11.0.696.71

Google has released Chrome 11.0.696.71 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

Microsoft Releases New Version of EMET

Microsoft has released a new, fully supported version of the Enhanced Mitigation Experience Toolkit EMET designed to mitigate exploitation attempts. EMET allows users to manage security mitigation technologies to make it more difficult for an attacker to exploit software vulnerabilities. US-CERT...

Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash...

Google Releases Chrome 11.0.696.68

Google released Chrome 11.0.696.68 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome...

Adobe Releases Flash Player and Flash Media Server Updates

Adobe has released updates for Flash Player and Flash Media Server to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.2.159.1 and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player 10.2.157.51 and earlier versions for Android; Adob...

WebGL Security Risks

US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari. US-CER...

Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for May 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the...

Apple Releases iOS 4.3.3

Apple released iOS 4.3.3 for the iPhone, iPod Touch, and iPad to address location tracking history capabilities. This update specifically addresses two bugs in iOS that resulted in the devices storing historical location data for too long. US-CERT encourages users and administrators to review App...

Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating its May release will contain two bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining bulletin will have the severity rating of important and will be fo...

Osama Bin Laden's Death Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding Osama Bin Laden's death. Email scams may contain links or attachments that may direct users to malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and...

Video Game Phishing

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that a...

Mozilla Releases Firefox updates

Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure. US-CERT encourages users and administrators to review the Mozil...

Cisco Releases Security Advisory for Cisco Unified Communications Manager

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition. US-CERT encourages users a...

Google Releases Chrome 11.0.696.57

Google has released Chrome 11.0.696.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google...

WordPress Releases Version 3.1.2

WordPress has released WordPress 3.1.2 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.2 and apply any necessary updates to hel...

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including the one described in the Flash Player security advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code...

Apple Releases iTunes 10.2.2

Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4609 and apply any...

Google Releases Chrome 10.0.648.205

Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities including the Adobe Flash vulnerability described in Adobe Security Advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code...

Oracle Releases Critical Patch Update for April 2011

Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes: 6 updates for the Oracle Database Server 9 updates for Oracle Fusion Middleware 1 update for Oracle Enterprise Manager Grid...

Apple Releases Security Updates

Apple has released the following security updates: Security Update 2011-002 addresses a vulnerability in the Certificate Trust Policy for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, Mac OS X Sever v10.6.7. Exploitation of this vulnerability may allow an attacker to intercept user...

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with...

Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Adobe has released a security update for Adobe Flash Player to address the vulnerability previously referenced in Adobe Security Advisory APSA11-02. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that...

VideoLAN Issues Security Advisory

VideoLAN has issued a security advisory to alert users of a vulnerability affecting VLC Media Player versions 1.0.0 through 1.1.8. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators...

ISC dhclient Vulnerability

The Internet Systems Consortium ISC has released an advisory to address a vulnerability in its dhclient application. This vulnerability may allow a remote attacker to execute arbitrary code on the client machine. US-CERT encourages administrators of this product to review the ISC advisory. Users ...

Microsoft Releases Advance Notification for April Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...

WordPress Releases Version 3.1.1

WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition. US-CERT encourages users and...

RealNetworks, Inc. Releases Update for Helix Server and Helix Mobile Server

RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, an...

Cisco Releases Security Advisories

Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System ACS. This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous...

VideoLAN Releases VLC Media Player 1.1.8

VideoLAN has released VLC Media Player 1.1.8 to address two vulnerabilities. These vulnerabilities are due to the improper handling of .AMV and .NSV files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review...

Google Releases Chrome 10.0.648.204

Google has released Chrome 10.0.648.204 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry...

Fraudulent SSL Certificates

US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe...