Oracle has released a June 2013 Critical Patch Update for Oracle Java SE. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. The update contains 40 new security vulnerability fixes, including a patch for Oracle JavaDoc frame injection vulnerability VU#225657. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.

The following versions of Oracle Java SE are affected:

• JDK and JRE 7 Update 21 and earlier
• JDK and JRE 6 Update 45 and earlier
• JDK and JRE 5.0 Update 45 and earlier
• JavaFX 2.2.21 and earlier

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. 

Security updates are available for the following versions of Adobe Flash Player: 

• Adobe Flash Player 11.7.700.202 and earlier versions for Windows
• Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
• Adobe Flash Player 11.2.202.285 and earlier versions for Linux
• Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
• Adobe AIR 3.7.0.1860 and earlier versions for Android
• Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

US-CERT encourages users and administrators to review Adobe Security Bulletin 13-16 and follow best practice security policies to determine if their organization is affected and the appropriate response.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for June 2013. These vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevation of privilege.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple has released OS X 10.8.4 and Security Update 2013-002 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security controls, or cause denial-of-service conditions. 

US-CERT encourages users and administrators to review Apple Security article HT5784 and apply any necessary updates to help mitigate these risks.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple has released security updates for Safari 6.0.5 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Safari 6.0.5 WebKit updates are available for the following versions:

• OS X Lion v10.7.5
• OS X Lion Server v10.7.5
• OS X Mountain Lion v10.8.3

US-CERT encourages users and administrators to review Apple Support Article HT5785 and follow best practice security policies to determine if their organization is affected and the appropriate response.

This product is provided subject to this Notification and this Privacy & Use policy.

Google has released Google Chrome 27.0.1453.110 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition, bypass security controls or execute arbitrary code. 

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple has released security updates for Apple QuickTime 7.7.4 for Windows 7, Vista,  and XP SP2 or later to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple Support Article HT5770 and follow best-practice security policies to determine if their organization is affected and the appropriate response.

This product is provided subject to this Notification and this Privacy & Use policy.

Google has released Google Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition, obtain sensitive information, or execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities could cause a denial-of-service condition and potentially allow an attacker to execute arbitrary code and take control of an affected system.

The following versions of Adobe Flash Player are affected:

• Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.280 and earlier versions for Linux
• Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x devices
• Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
• Adobe AIR 3.7.0.1660 and earlier versions for Android
• Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-14 and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates for Adobe Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system.

The following versions of Adobe Reader and Acrobat are affected:

• Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Reader 9.5.4 and earlier 9.x versions for Windows and Macintosh
• Adobe Reader 9.5.4 and earlier 9.x versions for Linux
• Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
• Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB13-15 and follow best-practice security policies to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.