A few days ago a new Adobe Flash vulnerability was found (in a very interesting work, I must say). I blogged about my concerns on ubiquitous software, like Flash players. We have been seeing the dangers of security vulnerabilities on this kind of software for years, beginning with Microsoft. Now that Microsoft is doing a good job on closing (and avoiding new) gaps, the attackers are taking the logical approach and changing targets to software that is as present as MS.Adobe (Acrobat, Flash, now AIR) and Apple (Quicktime and iTunes) would be the next  target, and it is being confirmed.  I heard on RSA that Adobe has a good security posture as a company (Dan Kaminski mentioned during his presentation that Adobe was acting very proactive and fast about a vulnerability he found) , but I still haven't found the same posture from Apple. Do we need to wait for a "iTunes worm" before Apple starts to take this matter seriously?