Forbidden Web

Jul 28, 2010 Apple Releases Safari 5.0.1 and Safari 4.1.1
Apple has released Safari 5.0.1 and Safari 4.1.1 for Windows and Mac OS X to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT4276 and apply any necessary updates to help mitigate the risks.
Jul 27, 2010 Google Releases Chrome 5.0.375.125
Google has released Chrome 5.0.375.125 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Jul 26, 2010 Mozilla Releases Firefox 3.6.8
The Mozilla Foundation has released Firefox 3.6.8 to address a critical vulnerability. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Mozilla Foundation security advisory MFSA 2010-48 and update to Firefox 3.6.8 to help mitigate the risks.
Jul 22, 2010 Cisco Releases Security Advisory for CDS Internet Streamer
Cisco has released a security advisory to address a vulnerability in the Cisco Internet Streamer application that is part of the Cisco Content Delivery System. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs. This information could be used to leverage subsequent attacks.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100721 and apply any necessary updates to help mitigate the risks.
Jul 21, 2010 Mozilla Releases Firefox 3.6.7
The Mozilla Foundation has released Firefox 3.6.7 and Firefox 3.5.11 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

US-CERT encourages users and administrators to review the Mozilla Foundation security advisories released on July 20, 2010, and apply any necessary updates to help mitigate the risks.
Jul 20, 2010 Apple Releases iTunes 9.2.1
Apple has released iTunes 9.2.1 to address a vulnerability. This vulnerability is due to improper handling of itpc URLs; itpc is the URL scheme that Apple iTunes uses for subscribing to podcasts. By convincing a user to access a specially crafted itpc URL, an attacker may be able to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4263 and update to iTunes 9.2.1 to help mitigate the risks associated with this vulnerability.
Jul 16, 2010 Microsoft Windows LNK Vulnerability
US-CERT is aware of a vulnerability affecting Microsoft Windows. This vulnerability is due to improper handling of LNK files. Microsoft uses LNK files, commonly referred to as "shortcuts", as references to files or applications. By convincing a user to display a specially crafted LNK file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, exploitation can occur without any interaction from the user.

At this time, US-CERT is unaware of a practical solution to this problem but encourages users and administrators to consider implementing the following best practice security measures to help reduce the risks:
  • Disable AutoRun as described in Microsoft Support article 967715.
  • Implement the principle of least privilege as defined in the Microsoft TechNet Library.
  • Maintain up-to-date antivirus software.
Additional information can be found in the US-CERT Vulnerability Note VU#940193.

US-CERT will provide additional information as it becomes available.
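The first mitigation above points to Microsoft Support article 967715, which documents the NoDriveTypeAutoRun registry policy (a value of 0xFF disables AutoRun for every drive type). The following PowerShell audit script is an added example, not part of the US-CERT alert or of any Microsoft tooling: it reports whether that policy is set under the machine and user Explorer policy keys and, with the -Remediate switch, sets it to 0xFF. The key paths and the 0xFF mask are as described in article 967715; the Get-AutoRunState function and the -Remediate switch are this example's own constructs.

```powershell
# Added audit/remediation script (not from US-CERT or Microsoft).
# Checks the NoDriveTypeAutoRun policy described in Microsoft Support
# article 967715 and optionally sets it so AutoRun is disabled on all drives.
param([switch]$Remediate)

# Policy locations checked by Explorer; HKLM applies machine-wide, HKCU per user.
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$desired = 0xFF   # bit mask covering every drive type (unknown, removable, fixed, network, CD-ROM, RAM disk)

function Get-AutoRunState {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: Windows falls back to its built-in default, so AutoRun is not fully disabled by policy.
        return [pscustomobject]@{ Path = $Path; Value = '(not set)'; Disabled = $false }
    }
    $v = [int]$item.NoDriveTypeAutoRun
    [pscustomobject]@{
        Path     = $Path
        Value    = ('0x{0:X2}' -f $v)
        Disabled = (($v -band $desired) -eq $desired)   # all drive-type bits present?
    }
}

foreach ($p in $paths) {
    $state = Get-AutoRunState -Path $p
    $state   # emit the audit row to the pipeline
    if ($Remediate -and -not $state.Disabled) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
        New-ItemProperty -Path $p -Name 'NoDriveTypeAutoRun' -PropertyType DWord -Value $desired -Force | Out-Null
        Write-Output "Set NoDriveTypeAutoRun=0xFF under $p (sign out or restart Explorer to apply)"
    }
}
```

Run it without arguments from an elevated prompt to audit, and with -Remediate to apply the 0xFF policy; the machine-wide HKLM key requires administrator rights to write. The check uses a bitwise AND rather than an equality test so that a value such as 0xFF with extra high bits set is still reported as disabled.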
Jul 13, 2010 Oracle Releases Critical Patch Update for July 2010
Oracle has released its Critical Patch Update for July 2010 to address 59 vulnerabilities across multiple products. This update contains the following security fixes:
  • 6 for Oracle Database Server
  • 2 for TimesTen In-Memory Database
  • 5 for Oracle Secure Backup
  • 7 for Oracle Fusion Middleware
  • 1 for Oracle Enterprise Manager
  • 7 for Oracle E-Business Suite
  • 2 for Oracle Supply Chain Products Suite
  • 8 for Oracle PeopleSoft and JDEdwards Suite
  • 21 for Oracle Sun Products Suite
US-CERT encourages users and administrators to review the July 2010 Critical Patch Update and apply any necessary updates to help mitigate the risks.
Jul 13, 2010 Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for July 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.
Jul 09, 2010 Oracle Critical Patch Update Pre-Release Announcement
Oracle has issued a critical patch update pre-release announcement indicating that its July release will contain 59 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 13, 2010.

US-CERT encourages users and administrators to review the pre-release announcement; US-CERT will provide updates as they become available.