Adobe releases patch for Flash:
Critical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.Flash, of course, is what makes movies work on the Internet (like today's video here of Hank Williams Jr and Sr). Given how wide spread Flash is (basically it's in everything except the iPhone and iPad), you really want to get the patch.
And Paypal has just just updated their iPhone app to close a nasty security hole:
Err, email@example.com is unlikely to get a lot of helpful suggestions from the Bad Guys, but we'd like to hope that the White Hat researchers would toss a line their way.
PayPal has submitted an updated iPhone application after learning that the previous one failed to check the digital certificates that confirmed the authenticity of the online-payment website.
The hole leaves iPhone users who rely on the app open to man-in-the-middle attacks when connecting over unsecured networks such as Wi-Fi hotspots. PayPal learned of the flaw on Tuesday, when a Wall Street Journal reporter asked for comment. A day later, the company rushed out a patched version to Apple's app store.
I expect that up upgrade the app via the iTunes store, but don't use many iPhone apps and don't use PayPal at all, so I'm not sure. FTY, their Android app is not vulnerable.