Web Browsers
Apple fixes 41 iTunes security flaws, some more than a year old
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
May Patch Tuesday critical for users of Internet Explorer and web-based services
Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.
Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.
Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.
Apple updates Safari, gives better control over Java applets
Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.
It's supposed to give you finer-grained control over Java in your browser.
Paul Ducklin puts it through its paces...
Researcher rewarded over $30,000 for nailing three Chrome OS security flaws
The high-risk bugs must have been poisonous indeed, given that researcher Ralf-Philipp Weinmann is looking at a $31,336 thank-you.
Microsoft fixes 9 flaws, Adobe 3 in April's Tuesday update
As expected, Microsoft released seven important and two critical fixes for Windows, Internet Explorer and other Microsoft products. Adobe followed suit, releasing fixes for ColdFusion, Flash and Shockwave. Patch now!
SSCC 106 - US DoD and BYOD, "scanner" malware, 2FA, and browser wars revisited [PODCAST]
For your listening pleasure, here's the latest episode in our popular "Chet Chat" series.
Senior Security Advisor Chester Wisniewski discusses the latest security news with regular guest Paul Ducklin in an entertaining and easily-digested quarter-hour podcast.
Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required
Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.
If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...
Firefox 20 arrives - new version, some security improvements, no known vices
Firefox 20.0 was released today.
The buglist page enumerates 3054 official changes, with eleven patched vulnerabilities, three at "Critical" level.
Paul Ducklin takes a quick look...
SSCC 105 - HP printers, Google blocks ad blockers, Apple does the 2-step, and more...
Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.
Google to pay $40,000 "consolation prize" to Pinkie Pie for not-quite breaking into Chrome OS
Renowned Chrome hacker Pinkie Pie, who scooped the prize at last year's Pwnium competition, didn't quite get across the line this year.
But Google will pay him a one-third-sized consolation prize anyway, for "honoring the spirit of the competition."
Monday review - the hot 32 stories of the week
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.
There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
Seagate's blog pushes malware on unsuspecting visitors via rogue Apache modules
SophosLabs has been tracking an infection of Mal/Iframe-AL on Seagate's blog since late February.
Are you taking enough care of your company's websites?










