Two weeks ago, Rapid 7 researchers discovered that Google will no longer be providing security patches for WebView used in pre-KitKat (v4.4) Android versions, meaning that over 60 percent of all Android users will be placed in danger by every new bug affecting the core component that displays web pages on an Android device without the user needing to open another app.
Adobe made good on its promise to make available by this week a fix for the recently discovered critical zero-day Flash Player vulnerability (CVE-2015-0311) preyed on by the Angler exploit kit.
Adobe has released an out-of-band update for Flash Player, which fixes a security flaw (CVE-2015-0310) that could be used to circumvent memory randomization mitigations on the Windows platform.
Security engineer Dylan Saccomanni has discovered a critical CSRF vulnerability that can be exploited to take over domains registered with Go Daddy, and has forced the popular internet domain registrar and web hosting company to issue a fix sooner rather than later.
On Tuesday Oracle released its quarterly Critical Patch Update, which addressed a total of 169 vulnerabilities across multiple products, including Java SE (Standard Edition).
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.