Category Archives: US-CERT

US-CERT Alerts – Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

Adobe Flash ActionScript 3 opaqueBackground Use-After-Free Vulnerability

Original release date: July 11, 2015

Adobe Flash Player contains a critical vulnerability within the ActionScript 3 opaqueBackground class, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9 through 18.0.0.204.

Users and administrators are encouraged to review Adobe Security Advisory (CVE-2015-5122) and Vulnerability Note VU#338736 for workaround information.

No patch is currently available.


This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Advisory

Original release date: July 10, 2015

VMware has released security updates to address a host privilege escalation vulnerability in VMware Workstation, Player and Horizon View Client for Windows. Exploitation of this vulnerability may allow an attacker to escalate privileges on an affected VMware system.

Updates available include:

  • VMware Workstation 11.1.1
  • VMware Workstation 10.0.7
  • VMware Player 7.1.1
  • VMware Player 6.0.7
  • VMware Horizon Client for Windows (with Local Mode Option) 5.4.2

Users and administrators are encouraged to review the VMware Security Advisory VMSA-2015-0005 and apply the necessary updates.



OpenSSL Releases Security Advisory

Original release date: July 09, 2015

OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions.

Updates available include:

  • OpenSSL 1.0.2d for 1.0.2b/1.0.2c users
  • OpenSSL 1.0.1p for 1.0.1n/1.0.1o users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.



Adobe Releases Security Updates for Flash Player

Original release date: July 08, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been made publicly available.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-16 and apply the necessary updates.



ISC Releases Security Updates for BIND

Original release date: July 08, 2015

The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.

Updates available include:

  • BIND 9-version 9.9.7-P1
  • BIND 9-version 9.10.2-P2

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01267 and apply the necessary updates.



Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Original release date: July 07, 2015

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

Available updates include:

  • Firefox 39
  • Firefox ESR 38.1
  • Thunderbird 38.1

US-CERT encourages users and administrators to review the Security Advisory for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.



Adobe Flash ActionScript 3 ByteArray Use-After-Free Vulnerability

Original release date: July 07, 2015

Adobe Flash Player contains a vulnerability within the ActionScript 3 ByteArray class, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9.0 through 18.0.0.194.

Users and administrators are encouraged to review Vulnerability Note VU#561288 for additional information.



Security Updates for Node.js and io.js

Original release date: July 06, 2015

Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • node.js-v0.12.6
  • io.js-v2.2.3
  • io.js-v1.8.3

Users and administrators are encouraged to review the Node.js blog post for v0.12.6 and the io.js ChangeLogs for v2.3.3 and v1.8.3 and apply the update.



Cisco Releases Security Update

Original release date: July 01, 2015

Cisco has released a security update to address a vulnerability in versions of the Unified Communications Domain Manager Platform Software prior to 10.x. Exploitation of this vulnerability may allow a remote attacker to take control of the affected system.

US-CERT recommends that users review the Cisco Security Advisory and apply the necessary update.



Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS

Original release date: June 30, 2015

Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications.

Available updates include:

  • QuickTime 7.7.7 for Windows 7 and Windows Vista
  • Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Mac EFI for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5
  • OS X Yosemite 10.10.4 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.3
  • iOS 8.4 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates HT204947, HT204950, HT204934, HT204942, HT204941 and apply the necessary updates.

