This exploit has been rated as “critical”, but it does require that a user download and open the Trojan file.

Pay attention, folks. We knew that Macs would come more and more into hackers focus as market-share grew.

See more information at the SecureMac site.

ComputerWorld is reporting in their article Phishers point scam at Apple’s iTunes that some people are receiving email messages telling them that a problem must be corrected in their iTunes account. The email contains a link to a bogus iTunes billing page, requesting the user re-enter their information, including credit card number, security code, and other information for identity theft.

iTunes Store users beware.

• MacRumors
• MacDailyNews
• GizModo
• Arstechnica
• MacFormat
• TUAW
• Engadget

Check back here later for my periodic reports of MacWorld.

MacBook Tablet
This rumor has been made on several sites, each with an interesting take on what form this tablet will take. Common to all the predictions is that is will be small (13″), thin, and a tablet. Here is an interesting video of what form it might take:

Next Gen iPhone
The other rumor I am particularly fond of is the unveiling of the next generation iPhone. Among the most important features of this new iPhone will be 3G wireless technology and the unshackling of its service to the AT&T network. Also, look for some interesting new apps to be introduced for the iPhone.

Mid-Range Mac Desktop
This last rumor is also one I’ve been wishing for: a mid-range, easily upgradeable desktop Mac position between the iMac line and the Mac Pro line. This should be at a price point that makes it attractive for the PC switchers.

See you at MacWorld!

Apple made a decision to change the firewall settings in Leopard, provoking some serious questions about the security of this new OS. This latest security issue puts a spotlight on what may become a real thorn in Apple’s side.

This from Symantec:

Originally, the flaw was disclosed on November 23, 2007 by Polish security researcher Krystian Kloskowski and since then we have seen number of exploits targeting the vulnerability being released to the public. But now the exploit is active and in the wild, meaning web surfers are in danger of being attacked. Our current analysis is also leading us to believe that there may be multiple attacks in existence. Further investigation is currently under way to confirm this.

Let me briefly explain what we have seen. The attack we have confirmed today begins with the popular IFRAME. An IFRAME code that causes the browser to make an additional request to another URL, is embedded in a porn site. Without knowledge, users visiting this site are redirected to the malicious site serving the exploit. Currently, the malware that is downloaded by the exploit is detected by Symantec as Downloader. We are still studying the attack in depth, so look out for more information at a later time.

Since a patch to correct the issue has yet to be released, we advise users to be cautious when browsing the web. For those of you seeking extra protection, we also recommend the following options:

- Run web browsers at the highest security settings possible
- Disable Apple QuickTime as a registered RTSP protocol handler.
- Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.