Forbidden Web

Aug 04, 2011 Apple Releases QuickTime 7.7

Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to help mitigate the risks.

Aug 04, 2011 Microsoft Releases Advance Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 13 bulletins. These bulletins will have the severity ratings of critical, important, and moderate. Release of these bulletins is scheduled for Tuesday, August 9, 2011.

US-CERT will provide additional information as it becomes available.

Aug 03, 2011 WordPress Themes Vulnerability

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.

US-CERT encourages users and administrators to:

  • determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
  • review the blog entry on the issue and apply any necessary updates or workarounds to help mitigate the risks
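As an added illustration of the first step above (this is not part of the US-CERT alert or of the WordPress blog entry it references), a POSIX shell function that walks a web root and lists every copy of timthumb.php or thumb.php, case-insensitively, so an administrator can see which hosted themes still need the update; the directory layout it creates is constructed for the demonstration:

```shell
# Added example, not from the US-CERT alert. Lists TimThumb copies under a web root
# by the two file names the alert says to search for (timthumb.php, thumb.php).
find_timthumb() {
  webroot="$1"
  find "$webroot" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) -print
}

# Number of copies found, as a bare integer (handy for a monitoring check).
count_timthumb() {
  find_timthumb "$1" | wc -l | tr -d ' '
}

# Constructed sample tree so the example runs offline; theme and plugin names are invented.
demo_root="$(mktemp -d)"
mkdir -p "$demo_root/wp-content/themes/theme-a/scripts" \
         "$demo_root/wp-content/themes/theme-b" \
         "$demo_root/wp-content/plugins/gallery"
: > "$demo_root/wp-content/themes/theme-a/scripts/timthumb.php"
: > "$demo_root/wp-content/themes/theme-b/Thumb.php"
: > "$demo_root/wp-content/plugins/gallery/index.php"

find_timthumb "$demo_root"
echo "copies found: $(count_timthumb "$demo_root")"
```

Run it against the real document root of each hosted blog instead of the sample tree; each path printed is a theme or plugin to check against the blog entry's fix.
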

Aug 03, 2011 Google Releases Chrome 13.0.782.107

Google has released Chrome 13.0.782.107 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to perform a cross-site scripting attack, or to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 13.0.782.107 to help mitigate the security risks.

Jul 31, 2011 Cisco Releases Security Advisory and Applied Mitigation Bulletin

Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the affected device.

US-CERT encourages system administrators to review the Cisco advisory and the Applied Mitigation Bulletin and apply any necessary updates or workarounds to mitigate the risks.

Jul 26, 2011 Apple Releases iOS 4.3.5 and iOS 4.2.10

Apple has released iOS 4.3.5 for the iPhone (GSM model), iPod touch, and iPad, and iOS 4.2.10 for the iPhone (CDMA model) to address a vulnerability. This vulnerability may allow an attacker with a privileged network position to capture or modify data in SSL/TLS sessions.

US-CERT encourages users and administrators to review Apple Support Articles HT4824 and HT4825 and apply any necessary updates to help mitigate the risks.

Jul 21, 2011 Foxit Releases Foxit Reader 5.0.2

The Foxit Corporation has released Foxit Reader 5.0.2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the security release notes for Foxit Reader 5.0.2 and apply any necessary updates to help mitigate the risks.

Jul 21, 2011 Apple Releases Safari 5.1 and 5.0.6

Apple has released Safari 5.1 and 5.0.6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT4808 and apply any necessary updates to help mitigate the risks.

Jul 18, 2011 Apple Releases iOS 4.3.4 and iOS 4.2.9

Apple has released iOS 4.3.4 for the iPhone (GSM model), iPod touch, and iPad, and iOS 4.2.9 for the iPhone (CDMA model) to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges.

US-CERT encourages users and administrators to review Apple Support Articles HT4802 and HT4803 and apply any necessary updates to help mitigate the risks.

Jul 15, 2011 RIM Releases Security Advisory for BlackBerry Enterprise Server

RIM has released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server. The vulnerability may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the BlackBerry security advisory KB27258 and apply any necessary updates to help mitigate the risks.