• On MovieTome: See the villain of IRON MAN 2!
December 6, 2006 12:13 PM PST

MySpace gets into Apple patch pickle

by Joris Evers
  • Font size
  • Print
  • Post a comment

MySpace.com and Apple Computer are demonstrating how not to deliver security fixes.

In response to a worm attack that hit the social-networking site over the weekend, MySpace has made available a security update to Apple Computer's QuickTime media player. Users who might need the fix are being told to go to a special MySpace.com page via a message that appears on their MySpace home page from Tom, the company's co-founder and everybody's first "friend" on the site.

On that special page, MySpace instructs its users to ignore an Internet Explorer security warning and install "QuickTime" from "Apple Computer, Inc." The MySpace QuickTime update page looks like any other page on the social-networking site; there is no special security section on MySpace.

This is causing confusion among MySpace users, who rightfully question whether the update is legitimate. After all, security updates for QuickTime should come from Apple, not from MySpace. Many Internet users know of the scams on the Net that take the guise of security updates but are in fact malicious programs.

"I got this announcement on my front page and it struck me as odd immediately," writes one MySpace user on a MySpace bulletin board about the message from Tom. Others also wonder whether the note is legitimate. "There's been way too much craziness on here lately," writes another MySpace user.

MySpace, though, insists on teaching Internet users bad habits.

The company responded to the confusion on Tom's blog. "Yes the link/update is legit, and yes the message about it on your homepage is really from me," Tom writes. "You cannot get the update from QuickTime's Web site yet. Get it here." The blog also instructs people to click through the security Internet Explorer security warnings.

Brian Krebs at The Washington Post also criticizes MySpace and Apple for a "completely fumbled" patch rollout.

MySpace on Tuesday asked Apple to update its QuickTime media player software so it can't be used in attacks on the site. The request came after a worm in the form of a rigged QuickTime movie crawled onto MySpace.com over the weekend, changing people's MySpace profiles. The worm spread because of QuickTime's support for JavaScript code.

Apple provided MySpace with a temporary fix and said it would be up to the social-networking site to offer it to users. Initially MySpace did not respond to an inquiry from CNET News.com as to when the solution would be available to users, but later it appeared on the MySpace Web site.

The current fix appears to only work for IE users, while the problem can also affect users of other Web browsers. Apple has said it is working on a broader solution for all users, but has not said how that would be delivered.

Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
advertisement

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right