Adobe has confirmed that a bug it patched over the weekend is being used by hackers to target Google's GMail users.

According to a Macworld report, 'Cross-site scripting flaws are often used by identity thieves to hijack usernames and passwords from vulnerable browsers. In this case, browsers themselves are not targeted; rather, attackers are exploiting the Flash Player browser plug-in, which virtually every user has installed. Adobe said that Google reported the Flash Player flaw to its security team.'

Adobe strongly recommends all users on all platforms with all browsers using Flash to update their Flash plugins. This also applies to Google Chrome users, which ships with Flash plugin already incorporated.

[ As a side-note, this is one of the reasons why Apple doesn't allow Flash on its iOS devices - the Flash technology is a plugin to the web browser, not a stand-alone application, and it would mean Apple would have to release a whole new iOS update each time Adobe bug-fixed or security-fixed their plugin. ]

Do you have the latest version of Flash installed? Check here!

Apple has released Security Update 2011-003 for Snow Leopard, in a bid to combat the increasing threat from trojan malware. The update requires Mac OS X 10.6.7, server or client. No other system versions have been released at this time.

The update adds a new item to the Security PreferencePane in System Preferences (Automatically update safe downloads list). This works to download a daily update to Mac OS X's built-in 'XProtect' malware detection technology.

I found it also reset Safari's preferences to check 'Open 'safe' files after downloading', which is the default setting. I usually uncheck this as a matter of course - but whether it needs to be checked for the update process to happen is not clear, as are other aspects of its functionality. More on that here.

In further developments, the authors of the MacDefender malware and its variants have ramped up their game by renaming their payload in different versions that coincide with legitimate anti-malware products, causing confusing for some users. All users should take extra care when downloading and installing software from the internet, especially anti-malware products.

UPDATE: The daily update process doesn't seem to be working for some people, for whatever reason. This utility will both check the version and last update time for your installation, and gives you the option to manually update.

Apple has acknowledged the MacDefender trojan threat, and has published how to avoid and remove directions in this support article.

There will also be a software update coming shortly that will automatically detect and remove the trojan and its known variants.

Trojan malware is targeting Macs Read More...

Playing Flash content back on a Mac can sometimes be problematic... Read More...