A week in security (March 9 – March 15)

Multiple high-severity vulnerabilities were disclosed and patched last week, including two Chrome zero-days under active attack, which Google promptly addressed with updates¹. Meanwhile, Apple released patches for older iOS versions to fix Coruna exploit kit flaws. A significant Android vulnerability was also discovered, capable of breaking lock screens in under 60 seconds. Additionally, a flaw in Microsoft Authenticator could leak login codes, prompting an urgent update. Meta introduced anti-scam tools across its platforms, including WhatsApp, Facebook, and Messenger. The emergence of these vulnerabilities and exploits underscores the importance of swift patching, as attackers are quick to capitalize on unpatched systems. So what matters most to practitioners is that the window for patching is rapidly shrinking, making it essential to assess exposure immediately, particularly in light of zero-day activity targeting major vendors.