OpenX Releases Security Update

OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX. US-CERT encourages users and administrators to review the OpenX "Security...

Cisco Releases Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the Cisco IOS Software and the Cisco Unified Communications Manager. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to...

Apple Releases Security Update 2010-006

Apple has released security update 2010-006 for Mac OS X and Mac OS X Server to address a vulnerability in the AFP package. This vulnerability may allow an attacker to bypass password validation and obtain sensitive information. The article indicates that this vulnerability does not affect system...

Microsoft Releases Security Advisory 2416728

Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages administrators to review Microsoft security advisory 2416728 and apply a...

Mozilla Releases Firefox 3.5.13 and 3.6.10

The Mozilla Foundation has released Firefox 3.5.13 and 3.6.10 to address a stability issue affecting some users. US-CERT encourages users and administrators to review the release notes for Firefox 3.5.13 and Firefox 3.6.10 and apply any necessary updates to mitigate the issue. This product is...

Apple Releases QuickTime 7.6.8

Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows. The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code...

Google Releases Chrome 6.0.472.59

Google has released Chrome 6.0.472.59 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates...

Microsoft Releases September Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for September 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users and...

Adobe Releases Security Advisory for Flash Player

Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability...

Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited...

Microsoft Releases Advance Notification for September Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its September release will contain nine bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining five bulletins will have the severity rating of...

Malicious Email Campaign Circulating

US-CERT is aware of public reports of malware spreading via email. These reports indicate that the malicious email messages contain the subject line "Here you have" or "Just For You" and contain a link to a seemingly legitimate PDF file. If users click on this link, they will be redirected to a...

Cisco Releases Updates for Wireless LAN Controller

Cisco has released updates to address multiple vulnerabilities in the Cisco Wireless LAN Controller WLC. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition, modify the device configuration, or bypass access control lists. US-CERT encourages...

Mozilla Releases Firefox 3.6.9

The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has als...

Apple Releases Safari 5.0.2 and 4.1.2

Apple has released Safari 5.0.2 and 4.1.2 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4333...

Google Releases Chrome 6.0.472.53

Google has released Chrome 6.0.472.53 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks. US-CERT encourages users and...

Apple Releases iTunes 10

Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4328 and apply any...

VMware Releases Updates for ESX Service Console Packages

VMware has released security updates for multiple third party packages for the ESX Service Console. These updates address vulnerabilities in the perl, krb5, samba, tar, and cpio packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a...

RealNetworks Releases Update to Address Vulnerabilities in RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the RealNetworks, Inc...

Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol

Cisco has released a security advisory to address a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks...

APWG Fax Back Phishing Education Program

In an effort to respond to a growing public threat by offline phishers that conduct various scams via fax, the Anti-phishing Working Group APWG has partnered with the Internal Revenue Service IRS to create the APWG Fax Back Phishing Education Program. This program is designed to provide...

Cisco Releases Advisories for Unified Communications Manager and Unified Presence

Cisco has released security advisories to address multiple vulnerabilities affecting Unified Communications Manager and Unified Presence. These vulnerabilities affect the processing of Session Initiation Protocol SIP messages. Exploitation of these vulnerabilities may allow an attacker to cause a...

Apple Releases Security Update 2010-005

Apple has released security update 2010-005 to address multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a...

Adobe Releases Security Bulletin for Shockwave Player

Adobe has released a security update to address multiple vulnerabilities affecting Shockwave Player 11.5.7.609 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-20 and...

Microsoft Releases Security Advisory

Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries DLLs. If an application does not securely load DLL files, an attacker may be able to cause the applicati...

Google Releases Chrome 5.0.375.127

Google has released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. US-CERT encourages users and administrators to review th...

VideoLAN Releases a Security Advisory for VLC Media Player

VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The updated release also addresses additional issues that could result in a denial-of-service attack...

Adobe Releases Security Update for Adobe Reader and Acrobat

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh Exploitation of...

Cisco IOS Software Vulnerability

Cisco has released a security advisory to address a vulnerability affecting IOS Software Release 15.12T. This vulnerability may allow an attacker to cause a denial-of-service condition by sending a specially crafted packet through normal network traffic. US-CERT encourages users and administrator...

Apple Releases QuickTime 7.6.7

Apple has released QuickTime 7.6.7 for Windows to address a vulnerability. This vulnerability is due to a stack buffer overflow that exists in QuickTime error logging. By convincing a user to open a specially crafted movie file, a remote attacker may be able to execute arbitrary code or cause a...

Apple Releases Updates for iPhone, iPod touch, and iPad

Apple has released iOS 4.0.2 for the iPhone and iPod touch and iOS 3.2.2 for the iPad to address vulnerabilities in the FreeType and IOSurface packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or gain system privileges. iPhone and iPod touch users are...

Google Releases Chrome 5.0.375.126

Google has released Chrome 5.0.375.126 for Linux, Mac, and Windows. Chrome 5.0.375.126 contains an updated version of the Flash plugin which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...

Adobe Releases Security Update for Flash Player

Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air 2.0.2.12310 and earlier versions. US-CERT encourages users and...

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight as part of the Microsoft Security Bulletin Summary for August 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges...

Foxit Releases Foxit Reader 4.1.1.0805

Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for...

Cisco Releases Security Advisory for Firewall Services Module

Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco security advisory...

Microsoft Releases Advance Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will hav...

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote...

Apple Releases Safari 5.0.1 and Safari 4.1.1

Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users...

Google Releases Chrome 5.0.375.125

Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entr...

Firefox Releases Firefox 3.6.8

The Mozilla Foundation has released Firefox 3.6.8 to address a critical vulnerability. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Mozilla Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8 to hel...

Cisco Releases Security Advisory for CDS Internet Streamer

Cisco has released a security advisory to address a vulnerability in the Cisco Internet Streamer application that is part of the Cisco Content Delivery System. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files...

Mozilla Releases Firefox 3.6.7

The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these...

Apple Releases iTunes 9.2.1

Apple has released iTunes 9.2.1 to address a vulnerability. This vulnerability is due to improper handling of itpc URLs. itpc is the protocol used by Apple iTunes for handling podcasts. By convincing a user to access a specially crafted itpc URL, an attacker may be able to execute arbitrary code ...

Microsoft Windows .LNK Vulnerability

US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for .LNK files. Microsoft uses .LNK files, commonly referred to as "shortcuts," as references to files or applications. By convincing a user to...

Oracle Releases Critical Patch Update for July 2010

Oracle has released its Critical Patch Update for July 2010 to address 59 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server 2 for TimesTen In-Memory Database 5 for Oracle Secure Backup 7 for Oracle Fusion Middleware 1 for...

Microsoft Releases July Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for July 2010. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletins an...

Oracle Critical Patch Update Pre-Release Announcement

Oracle has issued a critical patch update pre-release announcement indicating that its July release will contain 59 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 13, 2010. US-CERT encourages users and administrators to review the pre-release...

Microsoft Releases Advance Notification for July Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its July release will contain four bulletins. Three bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining bulletin will have the severity rating of important an...

Google Releases Chrome 5.0.375.99

Google has released Chrome 5.0.375.99 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blo...