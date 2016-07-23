You know how they say most crime victims know their attacker? Two incidents this week suggest this holds true in the case of cyber-crime too.

The culprit in both cases was none other than Apple — not some sketchy Android app created who-knows-where. It turns out the iPhone’s software contains a “very high severity issue” that could let hackers steal passwords with nothing more than a text message. Meanwhile, a second vulnerability allows snoops to exploit FaceTime and listen in on your calls.

Apple has issued patches for both problems but this won’t help unless you, and this is probably worth shouting: UPDATE YOUR SOFTWARE. After all, those update notifications on your phone aren’t there for nothing.

The Apple incidents are also a reminder of the value of bug bounty programs that companies use to pay people to expose their software flaws. It might cost firms a tad of money and embarrassment, but it’s infinitely better than letting bad guys find the flaws first. If you have doubts, take it from Google’s former head of spam, who brought up bug bounties in the context of a clever phone scam:

Bug bounties are a good idea, part 927: https://t.co/32VMIvrH9x — Matt Cutts (@mattcutts) July 22, 2016

Finally, I should introduce myself: I’m Fortune‘s legal reporter, Jeff John Roberts, and I’m thrilled to say I’ll be teaming up with Robert to build up our cyber-security coverage. Robert will be back next week. In the meantime, enjoy your weekend — and download those updates.

More news below.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.