Apple released iOS 10.2 on Monday, addressing a handful of security vulnerabilities, including two issues that could have led to arbitrary code execution.
Yahoo Mail XSS Bug Worth Another $10K to Researcher
Finnish security researcher Jouko Pynnonen found his second stored cross-site scripting vulnerability in Yahoo Mail in less than a year; each finding earned him a $10,000 bug bounty.
Threatpost News Wrap, December 8, 2016
Mike Mimoso and Chris Brook discuss the news of the week, including the latest Linux bug, Sony closing backdoors in cameras, and Google’s new open source fuzzer.
Solar Power Firm Patches Meters Vulnerable to Command Injection Attacks
Locus Energy has patched 100,000 of its residential and commercial power meters that were vulnerable to command injection attacks and code execution.
Old Linux Kernel Code Execution Bug Patched
A local race condition vulnerability in the af_packet implementation in Linux was patched this week. The bug allows a local attacker to execute code or crash a server.
Researchers Question Security in AMD’s Upcoming Zen Chips
Two German researchers are calling into question the security afforded by AMD’s Secure Encrypted Virtualization feature debuting in the chip maker’s upcoming Zen server chips.
Critical Vulnerability Patched in Roundcube Webmail
Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.
Buffer Overflow in BSD libc Library Patched
The BSD libc library was updated recently to address a buffer overflow vulnerability that could have allowed an attacker to execute arbitrary code.
Sony Closes Backdoors in IP-Enabled Cameras
Backdoors, likely intentional remote administration features, were closed off in 80 different Sony IP-enabled cameras running the IPELA Engine technology.
Flash Exploit Found in Seven Exploit Kits
An Adobe Flash Player vulnerability used by the Sofacy APT gang was also found in seven of the top exploit kits, according to an analysis by Recorded Future.