Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.
There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.
Some time later, Apple has changed its ways.
Paul Ducklin explains why it matters...
Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.
Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...
Last week, Apple showed that it is getting more serious about security by getting strict about the version of Flash you're allowed to use in Safari.
Paul Ducklin explains the what and the why...
Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability infected Apple Mac developers through a drive-by attack.
A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.
No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply
Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software.
For Windows users, anyway. Mac and Linux fans are still out in the cold.
Heard about the OS X bug that crashes programs if you display the text FILE colon slash slash slash? (We're not going to write it here in full, just in case!)
It's an intriguing problem - Paul Ducklin explains what goes wrong, and offers you two workarounds.
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
Apple announced today that the bait-and-switch of software screenshots in the App Store will no longer be allowed.
Once you submit an app, you'll have to stick to your original marketing material until the app is updated and re-approved. Good thing.
Chester finally brings up his century with Chet Chat Episode 100 - the Benjamin Franklin edition!
Chet's guest in the 100th Chet Chat is Paul Ducklin.
Oracle patches Java, then Apple issues its own updates. You can never be quite sure how long that's going to take.
This month, it all happened pretty quickly - and Apple took the opportunity to kick Java out of your browser at the same time...
The latest security updates for Snow Leopard, Lion and Mountain Lion came out last week.
They were overshadowed by the iPhone 5 and iOS 6, but to OS X users they are just as important. More so, in fact!
When we write Naked Security articles about Mac malware, we often end up creating a bit of a stir.
So, with a deep breath, here's some Mac malware news: this time, it's a zombie Trojan called 'NetWeird'.