This week in Apple security news, Apple has released 10.8.3 which among other things fixes a major security hole in Java that allows a java applet to execute code in the browser even if Java is disabled in the browser. Apple has also released iOS 6.1.3 which fixes a webkit flaw that would have allowed arbitrary code to be run in Safari on iOS devices.
However, not all is sunny in the land of Apple. There is a new trojan that is targeting Safari, Firefox and Chrome browsers on Mac OS-X. This trojan is called Trojan.Yontoo.1 and is targeting only Macs. The trojan is installed when a user visits an infected website that prompts them to install a plugin called "Free Twit Tube" or similar. Once installed the plugin injects adware iframes into webpages. If a user clicks one of these ads, it directs them to other malicious sites. This is disturbing because this targets Macs directly. It can also effect ALL users on the Mac, if you have multiple users on the system. Read more about the trojan here.
The moral of this is: Don't install something that you don't know where it came from.