A new exploit called Evilgrade takes advantage of automatic updaters to install malicious code on unsuspecting systems.

Evilgrade is designed as a modular framework that accepts plug-ins capable of mounting attacks on a variety of software packages employing their own auto-update procedures. Currently targets include the Java browser plug-in, WinZip, Winamp, OpenOffice.org, the LinkedIn Toolbar, iTunes, and Mac OS X, among others.