Apple Releases Multiple Security Updates

Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions.

US-CERT encourages users and administrators to review Apple Support Article HT5130 and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2011-3449 can be found in US-CERT Vulnerability Note VU#410281.

Additional information regarding CVE-2011-3446 can be found in US-CERT Vulnerability Note VU#403593.

SANSFIRE 2011

SANSFIRE 2011

http://www.sans.org/info/74039

TA12-024A: “Anonymous” DDoS Activity

“Anonymous” DDoS Activity

http://www.us-cert.gov/cas/techalerts/TA12-024A.html

VU#732115: Project Open cross-site scripting vulnerability

Project Open]po[version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting(XSS)vulnerability in the account-closed.tcl script

http://www.kb.cert.org/vuls/id/732115

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing - Version: 3.0

http://technet.microsoft.com/en-us/security/advisory/2641690