Quick Time Exploit giving up passwords

[floatingspirit]

http://www.networkworld.com/news/20...s-myspace.html?nlhtbug=0319bug2&company=Cisco

Here's the news.

This seems to be hitting MySpace users and digging info out of their Macs.

"But apparently not every QuickTime user has updated to the patched Version 7.1.5; the most recent exploit again uses HREF to embed malicious JavaScript in a QuickTime movie posted on a MySpace page."

 

[epochblue]

I only skimmed the article, but it looks like the exploit they're talking about was one of the "bugs" mentioned in the Month of Apple Bugs business.

Also, according to the article, this "bug" was patched in the Security Update (2007-002) that went out on March 5. So, as long as you're up to date on your patches, you should be fine.

Also, MySpace, for the most part, is a cesspool that should be avoided

 

[killmoms]

It's just another cross-site scripting attack, which really can never be eliminated in QuickTime unless they want to kill the possibly USEFUL functionality allowed by cross-site scripting. I was under the impression that MySpace just needed to disallow cross-site scripting on their site.