Forbidden Web

May 16, 2012 Apple Releases QuickTime 7.7.2

Apple has released QuickTime 7.7.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.



US-CERT encourages users and administrators to review Apple Support Article HT5261 and apply any necessary updates to help mitigate the risk.

This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify

May 15, 2012 Google Releases Google Chrome 19

Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.



US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 19.


May 10, 2012 Apple Releases Multiple Security Updates

Apple has released security updates for Apple OS X and Safari to address multiple vulnerabilities for the following products:

  • Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later

  • OS X Lion v10.7.4 and Security Update 2012-002 for OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3, Mac OS X v10.6.8, Mac OS X Server v10.6.8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review Apple articles HT5281 and HT5282 and apply any necessary updates to help mitigate the risks.


May 09, 2012 Adobe Releases Security Bulletins for Multiple Products

Adobe has released security bulletins to alert users to critical vulnerabilities in multiple products. The following products are affected:

  • Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh
  • Adobe Flash Professional CS 5.5 (11.5.1.349) and earlier versions for Windows and Macintosh
  • Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or take control of an affected system.

US-CERT encourages users and administrators to review the Adobe security bulletin and apply any necessary updates to help mitigate the risk.


May 08, 2012 Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.



US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.


May 08, 2012 Apple Releases iOS 5.1.1

Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address.



US-CERT encourages users and administrators to review Apple Support Article HT5278 and apply any necessary updates to help mitigate the risk.


May 04, 2012 Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a Security Advisory for Adobe Flash Player to address a vulnerability affecting the following software versions:

  • Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems
  • Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x

This vulnerability may allow an attacker to cause a denial-of-service condition or take control of the affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB12-09 and apply any necessary updates to help mitigate the risk.


May 04, 2012 Google Releases Chrome 18.0.1025.168

Google has released Chrome 18.0.1025.168 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.



US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 18.0.1025.168.


May 04, 2012 Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has published a Security Bulletin Advance Notification indicating that its May release will contain seven bulletins. These bulletins will have the severity ratings of critical and important and will be for Microsoft Windows, Office, .NET Framework, and Silverlight. Release of these bulletins is scheduled for Tuesday, May 8, 2012.



US-CERT will provide additional information as it becomes available.


Apr 30, 2012 DNSChanger Malware

US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by using the tools and resources available at the DNS Changer Working Group (DCWG) website. Computers that test positive for DNSChanger infection will need to be cleaned of the malware in order to maintain Internet connectivity beyond July 9, 2012.



On November 8, 2011, the FBI, NASA-OIG, and Estonian police arrested several cyber criminals in "Operation Ghost Click." The criminals operated under the company name "Rove Digital" and distributed DNS-changing viruses variously known as TDSS, Alureon, TidServ, and TDL4.



Additional information about Operation Ghost Click and the DNSChanger malware is available at the FBI website.
