While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a ‘Windows Presentation Foundation’ plug-in in Firefox.
Microsoft engineers on the company’s Security Research & Defense blog • Describing how a vulnerability which would usually only affect Internet Explorer users also affects IE users, too. The reason? Well, some genius thought it’d be awesome to stealthy foist a Microsoft-centric feature onto Firefox users without them asking – essentially bringing Firefox’s security quality down to the same level as IE. Way to go knuckleheads. • source
The new Mac version installs a long-outdated version of Adobe’s app. You might have had a fully-upgraded version of Flash before upgrading to Snow Leopard last week, but you probably don’t have it this week. That’s because, as part of Apple’s install process, it installs Flash Player 10.0.23.1, an old version with known vulnerabilities. (The current version is 10.0.32.18.) So, do yourself a favor, guys. Upgrade Flash. Now.source
After trying for weeks to convince Apple to fix their iPhone software, two security researchers revealed a scary method for hacking the iPhone using SMS. source
After feeling the wrath of negative PR contained in that message, Apple hurried and fixed the vulnerability, but you have to hook up to iTunes to fix it. source