Quick Time Exploit giving up passwords

floatingspirit · Mar 22, 2007

http://www.networkworld.com/news/20...s-myspace.html?nlhtbug=0319bug2&company=Cisco

Here's the news.

This seems to be hitting MySpace users and digging info out of their Macs.

"But apparently not every QuickTime user has updated to the patched Version 7.1.5; the most recent exploit again uses HREF to embed malicious JavaScript in a QuickTime movie posted on a MySpace page."

epochblue · Mar 22, 2007

I only skimmed the article, but it looks like the exploit they're talking about was one of the "bugs" mentioned in the Month of Apple Bugs business.

Also, according to the article, this "bug" was patched in the Security Update (2007-002) that went out on March 5. So, as long as you're up to date on your patches, you should be fine.

Also, MySpace, for the most part, is a cesspool that should be avoided

killmoms · Mar 22, 2007

It's just another cross-site scripting attack, which really can never be eliminated in QuickTime unless they want to kill the possibly USEFUL functionality allowed by cross-site scripting. I was under the impression that MySpace just needed to disallow cross-site scripting on their site.

Quick Time Exploit giving up passwords

floatingspirit macrumors 6502

epochblue macrumors 68000

killmoms macrumors 68040

Share This Page

Touch Arcade

YouTube

Useful Searches

Quick Time Exploit giving up passwords

floatingspirit macrumors 6502

epochblue macrumors 68000

killmoms macrumors 68040

Share This Page