Jeremiah Grossman has discovered and explained a potentially significant security flaw in Safari 4 and 5. In essence, if you have the AutoFill option "Using info from my Address Book card" enabled, a malicious Web site can extract your name, company, city, state, country, and email address without your knowledge. For the moment, we recommend turning off that option in Safari's AutoFill preference pane. Apple told the New York Times (though not Grossman, who reported the bug) that they are "aware of the issue and are working on a fix."
Because iOS caches your iTunes account password after you make a purchase or download a free app, other purchases can be made, unintentionally and without requiring the password again, within the next 15 minutes, which can be a problem with iOS devices shared with children.
Apple has announced that it is now replacing or repairing, free of charge, Time Capsules purchased roughly between February 2008 and June 2008 that exhibit certain power failures. These failures include not powering on, or shutting down unexpectedly after startup. A recent Knowledge Base article has more information on how to identify whether your Time Capsule has a qualifying serial number, how to arrange for Apple to retrieve data from your device, and how to receive a refund for a previously paid repair or replacement.
After noticing spam sent by previous email correspondents, Adam determined that email account hacking is on the rise. If you use a Web-based email service, now would be a good time to change your password and take some additional precautions.
Don't be fooled by the name of the Find My iPhone app: it can reveal the current location of all iDevices (iPad, iPhone, and iPod touch) registered to a MobileMe account with the locating service active. Apple has also updated the Web app version at me.com.
A new extension for Firefox ensures that Web connections made to any Web site that supports SSL/TLS encryption are always conducted via that secure method.
Apple has released Mac OS X 10.6.4 to address a wide variety of highly specific bugs and security vulnerabilities. It's undoubtedly worth upgrading to, but perhaps after early adopters have had a chance to determine if it introduces any new problems.
Adobe has released an update to Flash Player that resolves the recent security vulnerability and many others; we strongly encourage you to upgrade both Flash Player and, if you're using it, Adobe AIR.
The New York Times reports that a hacker group named Goatse Security has successfully exploited a hole in AT&T's Web site to access the email addresses of 114,000 iPad 3G users. AT&T has since patched the hole on its site, but the breach is a black eye for the company and could also harm the iPad's reputation, even though there's no indication that the problem was related directly to Apple.
It's always depressing to have to warn against another way that browsing the Web can increase your risk of identity theft, but at least in this case, the solutions aren't much work and even come with other benefits.
The venerable backup program Retrospect has been acquired from EMC by Sonic Solutions, the parent company of Roxio. Will the move help it regain its former dominant position in the Macintosh backup market?
Kudos to our own Rich Mogull, whose TidBITS article about protecting your privacy from Facebook landed him a guest spot on the NPR radio show Science Friday with Ira Flatow (himself a TidBITS reader at one point). You can either listen to the audio of the show or read the transcript on NPR's Web site.
Google is trying to counter waves of bad publicity about how it handles data and discloses its actions by offering a beta test of a secure Web site for search.
The brouhaha surrounding privacy on Facebook continues to expand, with the New York Times producing a fascinating infographic that shows just how complex Facebook has made the topic, with 50 settings containing over 170 options. And the Facebook privacy policy? It's longer than the U.S. Constitution.
Improves reliability, security, and compatibility for Java in Mac OS X 10.6 Snow Leopard. (Free, 78 MB)