Friday, April 10, 2015

INFO SEC_Hard Week(03-10 April)


04/09/2015 05:59 PM EDT

Original release date: April 09, 2015
WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system.
Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update to version 1.4.4 if affected.

04/08/2015 05:52 PM EDT

Original release date: April 08, 2015

Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.
Available updates include:
  • OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.2
  • iOS 8.3 for iPhones 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Apple TV 7.2 for Apple TV 3rd generation and later
US-CERT encourages users and administrators to review Apple security updates HT204659, HT204661, HT204658, and HT204662, and apply the necessary updates.

04/08/2015 05:47 PM EDT

Original release date: April 08, 2015

The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition.

Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and update to NTP 4.2.8p2 if necessary.

04/07/2015 11:21 PM EDT

Original release date: April 07, 2015

The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personally identifiable information (PII) and collect fees for services that are never delivered.
US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

04/07/2015 11:18 PM EDT

Original release date: April 07, 2015

The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrators are not actually associated with this group. The perpetrators exploit WordPress content management system (CMS) vulnerabilities, leading to disruptive and costly effects.
Users and administrators are encouraged to review the IC3 Alert for details and refer to the US-CERT Alert TA13-024A for information on CMS security.

04/06/2015 09:55 PM EDT

Original release date: April 06, 2015
The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks.
Users and administrators are encouraged to review the Security Advisories for Firefox and apply the necessary updates.

Google Releases Security Update for Chrome

04/01/2015 06:30 PM EDT

Original release date: April 01, 2015
Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
