Forbidden Web

Nov 17, 2011 Google Releases Chrome 15.0.874.121
Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.121.

Nov 17, 2011 Internet Systems Consortium Releases BIND-P1 Patches
The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information.

US-CERT recommends that administrators of this product apply the respective patches for BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, and 9.4-ESV-R5-P1 or check with their software vendors for updated versions.

Nov 15, 2011 Apple Releases iTunes 10.5.1
Apple has released iTunes 10.5.1 to address a vulnerability. This vulnerability may allow an attacker to conduct a man-in-the-middle attack that could lead a user to click on a forged link believed to have originated from Apple.

US-CERT encourages users and administrators to review Apple article HT5030 and apply any necessary updates to help mitigate the risks.

Nov 11, 2011 Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR
Adobe has released a security advisory to alert users to vulnerabilities affecting Adobe Flash Player and Adobe AIR. These vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux, and Solaris, Adobe Flash Player 11.0.1.153 for Android, and Adobe AIR 3.0 for Windows, Macintosh, and Android. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to help mitigate the risk.

Nov 10, 2011 Google Releases Chrome 15.0.874.120

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.120.

Nov 10, 2011 Apple Releases iOS 5.0.1
Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5052 and apply any necessary updates to help mitigate the risk.

Nov 10, 2011 Fraudulent Digital Certificates Could Allow Spoofing

US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog.

Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

Nov 10, 2011 Operation Ghost Click Malware

On November 9, 2011, US federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries.

The cyber ring, composed of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users' anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software.

US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns:

  • Refer to the FBI's announcement of Operation Ghost Click for additional information on how to protect yourself and recover from DNSChanger attacks.
  • Maintain up-to-date antivirus software.
  • Configure your web browser as described in the Securing Your Web Browser document.
  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.

Nov 09, 2011 Mozilla Releases Firefox 8 and 3.6.24
The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 8 and Firefox 3.6.24 and apply any necessary updates to help mitigate the risk.

Nov 08, 2011 Adobe Releases Security Bulletin for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. These vulnerabilities affect Shockwave Player 11.6.1.629 and earlier versions for the Windows and Macintosh operating systems.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB11-27 and apply the necessary updates to help mitigate the risk.