A week in security: Apple releases slew of fixes

Apple has fixed a number of vulnerabilities in its products

While most of the week’s news has been focused on the forthcoming iPhone 4, in the security space it has been a relatively quiet seven days, with Apple issuing more updates and yet more Facebook click-jacking woes.

First up, UK security firm Veritape released a new device which it claimed can help protect banks and consumers from credit card fraud committed through call centres.

The company said that CallGuard could save hundreds of millions of pounds a year by limiting so-called "audio data thefts" which involve the eavesdropping and analysis of recorded phone calls which contain personal and banking information.

Next up, more click-jacking on Facebook. Security vendor Sophos warned that the scam spreads through the site's news feed and 'Like' feature. The attack appears as a link to a web page offering photos of the '101 hottest women in the world.' The link presents a page which, when clicked, forwards the victim to a third-party site, and accesses their news feed without notification.

Apple, meanwhile, posted security updates for Mac OS X and iTunes. The OS X update covers flaws in 10.5 Leopard and 10.6 Snow Leopard.

The fixes will be released as an Apple security update for Leopard users, while Snow Leopard users will get the updates as part of the OS X 10.6.4 update. The update includes 23 fixes for security issues in the operating system, including flaws which can allow remote code execution, man-in-the-middle attacks and elevation of privileges.

It was a good week for RIM, with the revelation that government ministers have been told that Apple's iPhone is not approved as a work device, because of security concerns, although BlackBerry smartphones have been sanctioned for official use.

The iPad AT&T breach rumbled on this week with one of the researchers connected to the case arrested following a police raid. The FBI conducted a search of the home of Andrew 'Escher' Auernheimer, a member of the Goatse Security group. The 24 year-old was arrested for possession of drugs, including cocaine, LSD and ecstasy.

Finally, a new report from consultancy PwC this week found that a company's employees are its best defence against security threats, and should be empowered and educated about technology risk. The consulting firm said in its Protecting your Business report that organisations are too complacent about security, and assume that they will not be affected.