Forbidden Web

Apr 28, 2011 Cisco Releases Security Advisory for Cisco Unified Communications Manager

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110427-cucm and apply any necessary updates or workarounds to help mitigate the risks.

Apr 28, 2011 Google Releases Chrome 11.0.696.57

Google has released Chrome 11.0.696.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 11.0.696.57 to help mitigate the security risks.

Apr 27, 2011 WordPress Releases Version 3.1.2

WordPress has released WordPress 3.1.2 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges.

US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.2 and apply any necessary updates to help mitigate the risks.

Apr 22, 2011 Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including the one described in the Flash Player security advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-08 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in the US-CERT Vulnerability Note VU#230057.

Apr 19, 2011 Apple Releases iTunes 10.2.2

Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4609 and apply any necessary updates to mitigate the risks.

Apr 15, 2011 Oracle Critical Patch Update Pre-Release Announcement

Oracle has issued a critical patch update pre-release announcement indicating that its April release will contain 73 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, April 19, 2011.

US-CERT encourages users and administrators to review the pre-release announcement. US-CERT will provide additional information as it becomes available.

Apr 15, 2011 Google Releases Chrome 10.0.648.205

Google has released Chrome 10.0.648.205 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities including the Adobe Flash vulnerability described in Adobe Security Advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Apr 15, 2011 Apple Releases Security Updates

Apple has released the following security updates:

Security Update 2011-002 addresses a vulnerability in the Certificate Trust Policy for Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.7, and Mac OS X Server v10.6.7. Exploitation of this vulnerability may allow an attacker to intercept user credentials or obtain sensitive information.

Safari 5.0.5 addresses two vulnerabilities affecting the WebKit package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

iOS 4.2.7 Software Update for iPhone addresses multiple vulnerabilities affecting the Certificate Trust Policy, QuickLook, and WebKit Packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, or obtain sensitive information.

iOS 4.3.2 Software Update addresses multiple vulnerabilities affecting the Certificate Trust Policy, libxslt, QuickLook, and WebKit. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, intercept user credentials, obtain sensitive information, or bypass security restrictions.

US-CERT encourages users and administrators to review Apple articles HT4608, HT4596, HT4607, and HT4606 and apply any necessary updates to help mitigate the risks.

Apr 12, 2011 Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Server Software, and Developer Tools as part of the Microsoft Security Bulletin Summary for April 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

US-CERT encourages users and administrators to review the bulletin and follow best-practices security policies to determine which updates should be applied.

Apr 12, 2011 Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat

Adobe has released security advisory APSA11-02 to alert users of a vulnerability affecting the following Adobe products:
  • Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Flash Player 10.2.154.25 and earlier versions for Chrome
  • Flash Player 10.2.156.12 and earlier versions for Android
  • the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh.
Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

The Adobe advisory indicates that this vulnerability is currently being exploited in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment. However, the method of attack can change at any time.

At this time, Adobe has not released a fix to mitigate this vulnerability. US-CERT encourages users and administrators to do the following to help mitigate the risks until a fix becomes available:
  • Review Adobe security advisory APSA11-02.
  • Exercise caution when opening unsolicited email attachments.
  • Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
US-CERT will provide additional information as it becomes available.
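The APSA11-02 entry above describes the observed delivery vector as a Flash (.swf) file embedded in a Word (.doc) attachment. Until a patch was available, one practical check a mail gateway or incident responder could run was to look for SWF headers inside inbound Office documents. The script below is an added example written for this page; it is not US-CERT or Adobe code. It scans a blob of bytes for the SWF signatures "FWS" (uncompressed) and "CWS" (zlib-compressed) and validates the header layout (signature, version byte, little-endian uncompressed length) so that stray "FWS" text does not trigger a hit. The sample "document" it scans is constructed in the script itself, and the minimal do-nothing SWFs it embeds are likewise constructed; a real attachment would be read from disk. Note the caveat: this is a raw byte scan, so a SWF that an attacker has encoded or otherwise obfuscated inside the OLE container would not be found this way.

```python
"""Scan a blob (for example a .doc read from disk) for embedded SWF headers."""
import struct
import zlib

# SWF magic: "FWS" = uncompressed, "CWS" = zlib-compressed body (SWF 6+).
# The later LZMA "ZWS" variant did not exist in April 2011 and is omitted.
SWF_SIGNATURES = (b"FWS", b"CWS")
MAX_PLAUSIBLE_VERSION = 30  # generous bound; rejects random "FWS" text (assumption)


def parse_swf_at(blob, offset):
    """Return header details if a structurally valid SWF starts at offset, else None.

    Header layout: 3-byte signature, 1-byte version, UI32 little-endian length
    of the *uncompressed* file, header included.
    """
    if offset + 8 > len(blob):
        return None
    sig = blob[offset:offset + 3]
    if sig not in SWF_SIGNATURES:
        return None
    version = blob[offset + 3]
    (declared_len,) = struct.unpack_from("<I", blob, offset + 4)
    if not 1 <= version <= MAX_PLAUSIBLE_VERSION or declared_len < 8:
        return None
    if sig == b"FWS":
        # Uncompressed: the declared length must fit inside the container.
        if offset + declared_len > len(blob):
            return None
        body = blob[offset + 8:offset + declared_len]
    else:
        # Compressed: inflate until the zlib stream ends (trailing container
        # bytes go to unused_data); the inflated size must match the header.
        inflater = zlib.decompressobj()
        try:
            body = inflater.decompress(blob[offset + 8:])
        except zlib.error:
            return None
        if not inflater.eof or len(body) + 8 != declared_len:
            return None
    return {"offset": offset, "compressed": sig == b"CWS",
            "version": version, "length": declared_len, "body": body}


def find_embedded_swf(blob):
    """Find every validated SWF header in blob, ordered by offset."""
    hits = []
    for sig in SWF_SIGNATURES:
        pos = blob.find(sig)
        while pos != -1:
            info = parse_swf_at(blob, pos)
            if info is not None:
                hits.append(info)
            pos = blob.find(sig, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def make_minimal_swf(compressed, version=10):
    """Constructed, do-nothing SWF: empty RECT, frame rate 12, one frame, End tag."""
    body = b"\x00" + struct.pack("<HH", 12 << 8, 1) + b"\x00\x00"
    header = (b"CWS" if compressed else b"FWS") + bytes([version])
    header += struct.pack("<I", 8 + len(body))
    return header + (zlib.compress(body) if compressed else body)


def build_sample_document():
    """Constructed stand-in for a booby-trapped .doc (not a real sample):
    OLE-like magic plus padding, a decoy 'FWS' string that is not a header,
    then an uncompressed SWF and a zlib-compressed SWF with filler between."""
    filler = b"\xd0\xcf\x11\xe0" + b"\x00" * 28
    decoy = b"Note: FWS stands for nothing here. "
    return (filler + decoy + make_minimal_swf(False) + b"\x00" * 16
            + make_minimal_swf(True) + b"\x00" * 16)


if __name__ == "__main__":
    for hit in find_embedded_swf(build_sample_document()):
        kind = "zlib-compressed" if hit["compressed"] else "uncompressed"
        print("SWF v%d (%s) at offset %d, %d bytes uncompressed"
              % (hit["version"], kind, hit["offset"], hit["length"]))
```

To use it on a real attachment, read the file with `open(path, "rb").read()` and pass the bytes to `find_embedded_swf`; any hit in a document that has no business carrying Flash content is worth quarantining for analysis. The length and version checks are what keep the false-positive rate tolerable on large mail volumes, since the three-letter signatures alone occur by chance in ordinary text.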