Six months ago, we wrote about a risky bug in the sudo command, the Unix equivalent of Run As... on Windows.
The vulnerability is still unpatched on OS X, and now there's a Metasploit exploit pack to take advantage of the hole.
Here's the first 60 Second Security video of July, looking into some of the intriguing and interesting security stories of the past week.
Neatly compressed into a minute of video, why not give it a whirl?
Apple has released its latest Security Update for OS X.
Update 2013-003 fixes a trifecta of buffer overflow vulnerabilities in QuickTime.
Paul Ducklin sees what we can learn from the bugs...
Patch Tuesday is coming on 11 June 2013.
Paul Ducklin gives you a quick preview of what we know so far, and who'll be affected by the updates...
(Mac users, that might include you.)
Apple has published updates for all supported versions of OS X and for Safari version 6.
A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical, and we advise you to update as soon as possible.
Minority groups in China appear to have been targeted by a Mac malware attack, delivered via boobytrapped Word documents.
Who could possibly be interested in targeting their computers?
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.
There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.
Some time later, Apple has changed its ways.
Paul Ducklin explains why it matters...
Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.
Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...
Last week, Apple showed that it is getting more serious about security by getting strict about the version of Flash you're allowed to use in Safari.
Paul Ducklin explains the what and the why...
Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability infected Apple Mac developers through a drive-by attack.
A targeted Mac malware attack strikes a minority group in China, exploiting an old Microsoft Word vulnerability.
No patch yet for Adobe PDF exploits - Adobe suggests a workaround; Mac and Linux users need not apply
Adobe issues advice on how to mitigate the latest exploits against its PDF Reader software.
For Windows users, anyway. Mac and Linux fans are still out in the cold.
Heard about the OS X bug that crashes programs if you display the text FILE colon slash slash slash? (We're not going to write it here in full, just in case!)
It's an intriguing problem - Paul Ducklin explains what goes wrong, and offers you two workarounds.
After the recent discovery of a zero-day vulnerability in Oracle's Java Web Start plugin, Apple and Mozilla are now disabling Java by default until fixes are made available.
Apple announced today that the bait-and-switch of software screenshots in the App Store will no longer be allowed.
Once you submit an app, you'll have to stick to your original marketing material until the app is updated and re-approved. Good thing.
Chester finally brings up his century with Chet Chat Episode 100 - the Benjamin Franklin edition!
Chet's guest in the 100th Chet Chat is Paul Ducklin.