The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Apple Releases Updates for Java Mac OS X 10.5 and 10.6

Apple has released Java for Mac OS X 10.5 Update 7 and Java for Mac OS X 10.6 Update 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Article HT4170 and HT4171 and apply any necessary updates to help mitigate the risks.

Cisco Releases Updates for PGW Softswitch

Cisco has released updates to address multiple vulnerabilities in Cisco PGW Softswitch. These vulnerabilities may allow an attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100512-pgw and apply any necessary updates to help mitigate the risks.

Adobe Releases Update for Shockwave Player

Adobe has released a security update to address multiple vulnerabilities in Adobe Shockwave Player 11.5.6.606 and earlier versions for both Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-12 and update to Adobe Shockwave Player 11.5.7.609 to help mitigate the risks.

Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

Apple Safari Vulnerability

US-CERT is aware of a vulnerability affecting Apple Safari. By convincing a user to open a specially crafted web page, an attacker may be able to execute arbitrary code. Exploit code for this vulnerability is publicly available.

Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification, indicating that its May release cycle will contain two bulletins. Both of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Office, and Visual Basic for Applications. Release of these bulletins is scheduled for Tuesday, May 11, 2010.

US-CERT will provide additional information as it becomes available.