“MySpace.com wants Apple Computer to update its QuickTime media player software so it can’t be used in attacks on the social-networking site,” Joris Evers reports for CNET News.
Evers reports, “The request comes after a worm in the form of a rigged QuickTime movie crawled on MySpace.com over the weekend, changing people’s MySpace profiles. The worm spread because of QuickTime’s support for JavaScript code, experts have said. ‘When we learned about an issue that exploits a feature in QuickTime and unfortunately targets MySpace users, we immediately contacted Apple to engineer a fix,’ Hemanshu Nigam, chief security officer at MySpace, said in an e-mail statement Tuesday.”
Evers reports, “Apple is working on a QuickTime fix, but has a temporary solution available Tuesday, company spokeswoman Lynn Fox said in an e-mail. ‘Recently we learned about an issue that exploits a feature in QuickTime used to target MySpace users. We have devised a way to disable this QuickTime feature for those who use Internet Explorer. We are working on a broader solution for all other users as well,’ Fox said in the e-mail.”
Evers reports, “Apple said it has provided MySpace with the temporary fix. The computer company said it would be up to the social-networking site to offer it to users. MySpace has not responded to an inquiry from CNET News.com as to when the temporary solution would be available to users.”
Full article here.
Related MacDailyNews article:
QuickTime JavaScript worm spreads via MySpace – December 04, 2006