Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you to update as soon as possible.
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
In the second technical article of this series, Fraser Howard digs deeper into the workings of the Redkit exploit kit.
Learn more about the internals of this kit: the bypassing of security mechanisms within Java, the use of file encryption, and the delivery of multiple payloads.
The department store has installed sensors in 17 US stores to collect information from customers' smartphones as those phones automatically scan for WiFi service. Nordstrom promises it's keeping the data anonymous.
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
The US Department of Defense has approved the use of Samsung phones running "Knox," a hardened version of Android.
In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Apple just released iOS 6.1.4 for the iPhone 5.
Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...
An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it.
Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"...
Google has made a number of changes to its Android Play Store ecosystem recently.
There's now a rudimentary anti-virus provided with the OS, a ban on ad blockers, and, most recently, an official policy on sneaky "off-market" updates...
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
Security researchers have identified a security hole in Viber that can be exploited to bypass Android smartphones' lock screen and gain full access to the device.
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.
Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.
It's supposed to give you finer-grained control over Java in your browser.
Paul Ducklin puts it through its paces...