McAfee Labs researchers found that mobile app providers have been slow to address the most basic SSL vulnerabilities: improper digital certificate chain validation.
Here's some good news for Google App Engine developers: Google has released a new application security scanner that's especially fitting to test new app builds for cross-site scripting (XSS) and mixed content vulnerabilities.
Google has announced that its 90-day vulnerability disclosure period will, from now on, be little longer if the situation warrants it.
Android users are in danger of getting malicious apps silently installed on their devices by attackers, warns Rapid7's Tod Beardsley, technical lead for the Metasploit Framework.
Two weeks ago, Rapid 7 researchers discovered that Google will no longer be providing security patches for WebView used in pre-KitKat (v4.4) Android versions, meaning that over 60 percent of all Android users will be placed in danger by every new bug affecting the core component that displays web pages on an Android device without the user needing to open another app.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.