MySpace releases temporary QuickTime fix

MySpace is “distributing a temporary fix for an Apple QuickTime vulnerability affecting users of the popular social networking site,” Dan Kaplan reports for SC Magazine.

Kaplan reports, “The patch, not hosted by Apple, addresses a flaw related to JavaScript support functionality in the QuickTime video player. Attackers can exploit the feature to launch a blended cross-site scripting attack that, if successful, steals users’ log-in credentials and installs adware on their machines.”

“According to published reports, Apple is working on a permanent fix for the problem. A company spokesperson could not immediately be reached for comment today to explain why MySpace was charged with releasing the temporary patch,” Kaplan reports.

More info in the full article here.

Related MacDailyNews articles:
Apple working with MySpace on QuickTime JavaScript worm fix – December 05, 2006
QuickTime JavaScript worm spreads via MySpace – December 04, 2006

13 Comments

  1. So, does this mean we’ve now seen the first documented cases of Mac malware infestation? Huh? Someone???
    P.S. It would be interesting to understand a bit better why the article suggests that vulnerable users are running Quicktime and Internet Explorer…

  2. From what I understand about this, its not a flaw with Quicktime, its a flaw with MySpace. Quicktime has had the ability to embed JavaScript for years. Its the interaction of that JavaScript with MySpace that is the problem, not Quicktime’s ability to use JavaScript. That’s why it is MySpace’s responsibility to safeguard its users against the threat of a JavaScript attack.

  3. “It’s already been reported as a flaw in MySpace, and simply an exploitation of QT’s support of Javascript…. how sad that they put the spin on it that it’s a flaw with QT.”

    Any Windows application macro viruse simply “exploits” tha macro capability of the app. Sorry guys, Building in the capability into QT to run unsafe code on your PC without asking is a QT problem. Today MySpace. Tomorrow the world.

  4. You guys aren’t very bright. It IS a quicktime exploit. Coupled with xss on myspace it can be used to compromise profiles. Actually do your research before you try to blame myspace! It’s not all their fault, only halfway… Apple is totally to blame.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.