Adobe has pushed out an emergency Flash update that solves two critical vulnerabilities (CVE-2013-0633 and CVE-2013-0634) that are being actively exploited to target Windows and OS X users, and is urging users to implement it as soon as possible.
Following the recent debacle of the critical Java 0-day that was being actively exploited in the wild, in an attempt to minimize its users' attack surface Mozilla has enabled "Click To Play" for recent versions of Java on all platforms, ensuring that the Java plugin will not load unless a user specifically clicks to enable the plugin.
Kaspersky Lab released its annual Kaspersky Security Bulletin, which provides the overall malware and cyber-threat statistics for 2012.
Microsoft has delivered on its promise and has issued a security update for Internet Explorer to address the zero-day memory-corruption vulnerability in versions 9 and earlier that is currently being exploited in attacks.
Users who have downloaded and are using the "Release To Manufacturing" version of Windows 8 or the 90-day trial version of Windows 8 Enterprise should be aware that the Adobe Flash Player version integrated in Internet Explorer 10 hasn't been automatically updated by Microsoft and makes them vulnerable to code execution attacks due to four separate security flaws.