Forbidden Web

Jun 21, 2011 RIM Releases Security Advisory for BlackBerry PlayBook

RIM has released a security advisory to address vulnerabilities in the Adobe Flash Player version included with the BlackBerry PlayBook tablet software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service condition.

US-CERT encourages users and administrators to review BlackBerry security advisory KB27365 and apply any necessary updates to help mitigate the risks.

Jun 15, 2011 Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player

Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Adobe security bulletin APSB11-17 and apply any updates to help mitigate the risks.

Jun 15, 2011 Google Releases Chrome 12.0.742.100

Google released Chrome 12.0.742.100 for Windows, Mac, Linux, and Chrome Frame to address a critical vulnerability in the Flash player plug-in. This vulnerability could allow an attacker to take control of the affected system.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risk.

Jun 15, 2011 Adobe Releases Security Bulletin for Critical Vulnerability in Flash Player

Adobe has released security bulletin APSB11-18 to alert users of a critical vulnerability in Adobe Flash Player. The following versions are affected:

  • 10.3.181.23 and earlier for Windows, Macintosh, Linux, and Solaris
  • 10.3.185.23 and earlier for Android

Adobe indicates that it has received reports of active exploitation of this vulnerability. Adobe recommends that affected Windows, Macintosh, Linux, and Solaris users update to Adobe Flash Player 10.3.181.26. An Android update is expected to be released by June 18th.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-18 and apply any updates to help mitigate the risks.

Jun 10, 2011 Adobe Prenotification Security Advisory for Adobe Reader and Acrobat

Adobe has issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on June 14, 2011.

US-CERT encourages users and administrators to review the Adobe Advisory.

US-CERT will provide additional information as it becomes available.

Jun 09, 2011 Microsoft Releases Advance Notification for June Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its June release will contain 16 bulletins. Nine of the bulletins will have the severity rating of critical. The notification states that these critical bulletins are for Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Forefront Threat Management Gateway, and Internet Explorer. The remaining 7 bulletins will have the severity rating of important. The notification states that these important bulletins are for Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Microsoft Visual Studio. Release of these bulletins is scheduled for Tuesday, June 14, 2011.

US-CERT will provide additional information as it becomes available.

Jun 08, 2011 Google Chrome Releases 12.0.742.91

Google has released Chrome 12.0.742.91 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 12.0.742.91 to help mitigate the security risks.

Jun 06, 2011 VideoLAN Releases VLC Media Player 1.1.10

VideoLAN has released VLC Media Player 1.1.10 to address an integer overflow vulnerability in the xspf demuxer. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the release notes for VLC Media Player 1.1.10 and apply any necessary updates to help mitigate the risks.

Jun 06, 2011 VMware Releases Security Advisory

VMware has released security advisory VMSA-2011-0009 to address multiple vulnerabilities in the following products:

  • VMware Workstation 7.1.3 and earlier
  • VMware Player 3.1.3 and earlier
  • VMware Fusion 3.1.2 and earlier
  • ESXi 4.1 without patch ESXi410-201104402-BG
  • ESXi 4.0 without patch ESXi400-201104402-BG
  • ESXi 3.5 without patches ESXe350-201105401-I-SG and ESXe350-201105402-T-SG
  • ESX 4.1 without patch ESX410-201104401-SG
  • ESX 4.0 without patch ESX400-201104401-SG
  • ESX 3.5 without patches ESX350-201105401-SG, ESX350-201105404-SG, and ESX350-201105406-SG

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security mechanisms, operate with elevated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review VMware security advisory VMSA-2011-0009 and apply any necessary updates to help mitigate the risks.

Jun 06, 2011 Adobe Releases Security Update for Flash Player

Adobe has released security bulletin APSB11-13 to address a vulnerability in Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux, and Solaris, and 10.3.185.22 and earlier versions for Android. Exploitation of this vulnerability may allow an attacker to conduct a cross-site scripting attack.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-13 and upgrade to Adobe Flash Player 10.3.181.22 for Windows, Macintosh, Linux, and Solaris. Adobe has indicated that updates for Android users will be available during the week of June 6.