If you browse with IE but don't have Firefox installed, you're fine. If you browse with Firefox, you're hunky-dory. But if you have both and click a poisoned link in IE, Microsoft's browser will start Firefox, which will run the attack command contained in the passed-along URL.

Though each group said that the other was at fault, Mozilla released a fix in its version 2.0.0.5 update, sent via Firefox's automatic update feature. If you're an IE user and haven't started Firefox in a while, fire up the alternate browser and select HelpCheck for Updates. Check out the Firefox patch, which also squashes a few other security bugs.

Holey iPhone

A problem in the iPhone's Safari browser introduces a hole that an attacker might exploit via a drive-by download from a malicious Web page to take over the phone. Researchers at Independent Security Evaluators discovered the flaw, which affects Mac and Windows versions of Safari, too. To make sure you have the mobile fix, connect your iPhone to your PC, select your phone in iTunes, and click Update. For details and links, see Mac and Windows patches.