MySpace wants Apple to fix QT "worm"

Discussion in 'Apple, Inc and Tech Industry' started by captoats85, Dec 5, 2006.

  1. captoats85 macrumors member

    Feb 15, 2006
    #1 wants Apple Computer to update its QuickTime media player software so it can't be used in attacks on the social-networking site.

    The request comes after a worm in the form of a rigged QuickTime movie crawled on over the weekend, changing people's MySpace profiles. The worm spread because of QuickTime's support for JavaScript code, experts have said.

    "When we learned about an issue that exploits a feature in QuickTime and unfortunately targets MySpace users, we immediately contacted Apple to engineer a fix," Hemanshu Nigam, chief security officer at MySpace, said in an e-mail statement Tuesday.

    When viewed by a MySpace user in Internet Explorer or Firefox, the specially crafted QuickTime video added itself to the user's MySpace page and replaced the links on the user's profile with links to phishing Web sites. The malicious software, dubbed Quickspace by F-Secure, infected a large, but unspecified number of MySpace users, according to the Finnish security company.
  2. backsidetailsli macrumors 65816


    Aug 1, 2006
    i guess apple are the only one that can fix it
  3. MisterMe macrumors G4


    Jul 17, 2002
    From everything that I know of it, this is a JavaScript vulnerbility, not a QuickTime vulnerability, per se. I don't see why other JavaScript-enabled content embedded in a page would not cause similar problems. I am confident that Apple and the JavaScript community will do everything they can to end this problem. However, I believe that the real problems lie with MySpace and its notoriously poorly coded website. No one else is suffering from this problem and MySpace knows it.
  4. bousozoku Moderator emeritus

    Jun 25, 2002
    Gone but not forgotten.
    MySpace isn't coded well with all of the site's Internet Exploder-oriented code. It's sad, but in placing blame, they're probably trying to lessen all the publicity connected with the various sexual abuse cases related to MySpace users.

    The fact that Apple made a feature so that you could use JavaScript from within a QuickTime movie doesn't guarantee that it will be used wisely or in trustworthy fashion.

    I once clicked on a button that caused JavaScript to be executed that re-wrote part of my profile. Should I blame Mozilla for that? It's the fault of MySpace for allowing the profile to be so readily accessed and modified without my explicit consent.

Share This Page