4188 matches found
Apple Releases Security Updates
Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and...
Adobe Releases Flash Player Update
Adobe has released an update for Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Exploitation of thes...
Ongoing Phishing Attack
US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment. This attack is unlike common phishing attacks...
Google Releases Chrome 10.0.648.134
Google has released Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame. This release contains an updated version of the Adobe Flash player that addresses a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and...
BlackBerry WebKit Browser Engine Vulnerability
Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary...
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Adobe has released a security advisory to alert users of a vulnerability affecting the following products: Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users Adobe Flash Player...
Google Releases Chrome 10.0.648.133
Google has released Chrome 10.0.648.133 for Windows, Mac, Linux, and Chrome Frame. This update addresses a vulnerability that may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary update...
Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning
US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in th...
Apple Releases Safari 5.0.4
Apple has released Safari 5.0.4 to address multiple vulnerabilities in the ImageIO, libxml, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or conduct cross-site scripting attacks. US-CE...
Apple Releases iOS 4.3
Apple has released iOS 4.3 for the iPhone 3 GS and later, iPod touch 3rd generation and later, and iPad to address multiple vulnerabilities. These vulnerabilities affect the CoreGraphics, ImageIO, libxml, Networking, Safari, and WebKit packages. Exploitation of these vulnerabilities may allow an...
Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6
Apple has released Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple...
Google Releases Chrome 10.0.648.127
Google has released Chrome 10.0.648.127 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions. US-CERT encourages users and administrators t...
Microsoft Releases March Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletin an...
Microsoft Releases Advance Notification for March Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its March release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining two bulletins will have the severity rating of important...
Apple Releases iTunes 10.2
Apple has released iTunes 10.2 to address multiple vulnerabilities affecting the ImageIO, libxml, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to revie...
Mozilla Releases Updates for Firefox, Thunderbird, and SeaMonkey
The Mozilla Foundation has released Firefox 3.6.14 and Firefox 3.5.17 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery attacks, cause a denial-of-service condition, or operate with elevat...
Google Releases Chrome 9.0.597.107
Google has released Chrome 9.0.597.107 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Cisco Releases Multiple Security Advisories
Cisco has released six security advisories to address vulnerabilities in multiple Cisco products. Security advisory cisco-sa-20110223-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. Successful exploitation of these vulnerabilities could cause a...
Internet System Consortium Releases BIND Advisory
The Internet System Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...
Oracle Releases Critical Patch Update for Java SE and Java for Business
Oracle has released a Critical Patch Update for Java SE and Java for Business. This update addresses multiple vulnerabilities and contains 21 security fixes. US-CERT encourages users and administrators to review the Oracle Java SE and Java for Business Critical Patch Update Advisory for February...
VMware Releases Advisory for Windows 7 Users
VMware has released an advisory to alert users of an issue affecting VMware on the Microsoft Windows 7 platform. This issue prevents VMware from connecting from the View Client on Windows 7 to the View Connection Server after installing the Microsoft patches 2482017 and 2467023 from Microsoft...
Google Releases Chrome 9.0.597.95
Google has released Chrome 9.0.597.95 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This update also includes a recently released version of Adobe Flash Player th...
Oracle Releases Security Alert for Java Runtime Environment
Oracle has released a security alert to address a vulnerability in the Java Runtime Environment component of the Oracle Java SE and Java for Business products. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and...
RealNetworks, Inc. Releases Security Updates for RealPlayer
RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the...
Adobe Releases Security Update for Flash Player
Adobe has released a security bulletin to address multiple vulnerabilities in Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition...
WordPress Releases Version 3.0.5
WordPress has released WordPress 3.0.5 to address multiple vulnerabilities. Execution of these vulnerabilities may allow an attacker to conduct cross-site scripting attacks or obtain sensitive information. US-CERT encourages users and administrators to review the WordPress Codex document for...
Adobe Releases Updates for Adobe Reader and Acrobat
Adobe has released updates for Reader and Acrobat to address multiple vulnerabilities affecting the following software versions: Adobe Reader X 10.0 and earlier versions for Windows and Macintosh Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh, and Unix Adobe Acrobat x 10.0 and...
Microsoft Releases February Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for February 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain...
Google Releases Chrome 9.0.597.84
Google has released Chrome 9.0.597.84 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry an...
Majordomo Vulnerable to Directory Traversal
US-CERT is aware of a vulnerability affecting Majordomo 2. Exploitation of this vulnerability may allow an attacker to obtain sensitive information that could be used to leverage additional attacks. Reports indicate that this vulnerability affects builds 20110121 and prior. US-CERT encourages use...
Adobe Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe had issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on February 8, 2011. An update for UNIX will be available the...
Cisco Releases Security Advisory for Tandberg E, EX, and C Series Endpoints
Cisco has released a security advisory to address a vulnerability in the Tandberg C Series Endpoints and E/EX Personal Video units running software versions prior to TC4.0.0. This vulnerability may allow an attacker to gain administrative access to the device. US-CERT encourages users and...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain 12 bulletins. Three of these bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. The remaining bulletins will have a severity...
VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1102 and apply any necessary updates or...
Cisco Releases Security Advisory for Multiple Cisco WebEx Player Vulnerabilities
Cisco has released a security advisory to address multiple vulnerabilities in WebEx Recording Format WRF and Advanced Recording Format ARF Players. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisory...
Microsoft Releases Security Advisory 2501696
Microsoft has released Microsoft security advisory 2501696 indicating that it is investigating public reports of a vulnerability affecting Windows. This vulnerability is due to the way MHTML interprets MIME-formatted requests for content blocks within a document. Exploitation of this vulnerabilit...
RealNetworks, Inc. Releases Update for RealPlayer
RealNetworks, Inc. has released an update for Windows RealPlayer 14.0.1 and prior to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory and appl...
Opera 11.01 Released
Opera Software has released version 11.01 of the Opera web browser for Windows, Mac, and Unix to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, or obtain...
Oracle Releases Critical Patch Update for January 2011
Oracle has released its Critical Patch Update for January 2011 to address 82 vulnerabilities across multiple products. This update contains the following security fixes: 7 for Oracle Database Server 16 for Oracle Fusion Middleware 2 for Oracle Enterprise Manager Grid Control 16 for Oracle...
Google Releases Chrome 8.0.552.237
Google has released Chrome 8.0.552.237 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry a...
Microsoft Security Advisory 2488013
Microsoft Security Advisory 2488013 addresses a vulnerability in Internet Explorer. This advisory has been updated to include Microsoft Fix It 50591 that prevents the recursive loading of CSS style sheets in Internet Explorer as a mitigation for this vulnerability. Exploitation of this...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Microsoft Releases January Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for January 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletin and follow...
Microsoft Internet Explorer 8 use-after-free Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Internet Explorer 8. This vulnerability is due to improper handling of circular memory references. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the user or cause a denial-of-service...
Apple Releases Mac OS X v10.6.6
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4498 and apply any...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release will contain two bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, January 11...
Microsoft Releases Security Advisory
Microsoft has released security advisory 2490606 to alert users of a vulnerability affecting the Windows Graphics Rendering Engine. Exploitation of this vulnerability may allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. US-CERT...
WordPress.org has released WordPress 3.0.4
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session. US-CERT encourages users and administrators to review the WordPress.org...
Microsoft WMI Administrative Tool ActiveX Control Vulnerability
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the...
Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update
The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update KB2412171 that was released on December 14. The product team has identified these issues as: Outlook fails to connect if Secure Password Authentication SPA is configured...