MySpace is “distributing a temporary fix for an Apple QuickTime vulnerability affecting users of the popular social networking site,” Dan Kaplan reports for SC Magazine.
Kaplan reports, “The patch, not hosted by Apple, addresses a flaw related to JavaScript support functionality in the QuickTime video player. Attackers can exploit the feature to launch a blended cross-site scripting attack that, if successful, steals users’ log-in credentials and installs adware on their machines.”
“According to published reports, Apple is working on a permanent fix for the problem. A company spokesperson could not immediately be reached for comment today to explain why MySpace was charged with releasing the temporary patch,” Kaplan reports.
More info in the full article here.
Related MacDailyNews articles:
Apple working with MySpace on QuickTime JavaScript worm fix – December 05, 2006
QuickTime JavaScript worm spreads via MySpace – December 04, 2006
