MySpace releases temporary QuickTime fix

MySpace is “distributing a temporary fix for an Apple QuickTime vulnerability affecting users of the popular social networking site,” Dan Kaplan reports for SC Magazine.

Kaplan reports, “The patch, not hosted by Apple, addresses a flaw related to JavaScript support functionality in the QuickTime video player. Attackers can exploit the feature to launch a blended cross-site scripting attack that, if successful, steals users’ log-in credentials and installs adware on their machines.”

“According to published reports, Apple is working on a permanent fix for the problem. A company spokesperson could not immediately be reached for comment today to explain why MySpace was charged with releasing the temporary patch,” Kaplan reports.

More info in the full article here.

Related MacDailyNews articles:
Apple working with MySpace on QuickTime JavaScript worm fix – December 05, 2006
QuickTime JavaScript worm spreads via MySpace – December 04, 2006

13 Comments

  1. So, does this mean we’ve now seen the first documented cases of Mac malware infestation? Huh? Someone???
    P.S. It would be interesting to understand a bit better why the article suggests that vulnerable users are running Quicktime and Internet Explorer…

  2. From what I understand about this, its not a flaw with Quicktime, its a flaw with MySpace. Quicktime has had the ability to embed JavaScript for years. Its the interaction of that JavaScript with MySpace that is the problem, not Quicktime’s ability to use JavaScript. That’s why it is MySpace’s responsibility to safeguard its users against the threat of a JavaScript attack.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.