Mac OS X is largely free of computer viruses. This does not mean, however, that every piece of software Apple has ever written is safe from the threat. This point was reiterated with the mergence of the MySpace QuickTime XSS Worm, which teams up a MySpace scripting exploit with an exploit on QuickTime's javascript support to go through and replace the links on MySpace pages with links to Phishing sites.
Your ebay account has been compromised! Send me $1,000 to confirm your account details!
Whoa, that was close. It would appear the virus has hit home here, too! You can read more about how the exploit works here, but put simply, HREF Tracks, a feature Apple created to add interactivity to QuickTime movies. But it's also totally easy to use for evil, and a fix isn't out there yet.
It also raises an interesting problem I hadn't contemplated before – as more and more of our data migrates off of our computers and onto the Internet, the vulnerability of Web sites themselves will become increasingly important relative to the vulnerability of our operating systems. If my Flickr account lost all its photos and replaced them all with NSFW images, does it matter to me that the data on my computer is safe when I get a concerned and angry phone call from my parents? No, not at all.
As online apps like Google Spreadsheets and Calendar take hold, their security matters to me a lot more than if the firewall on my own Mac will keep malicious users out of my stuff. None of what I'm saying is surprising, I'm sure, but this problem frames the issue in a way I hadn't considered. Which is more important to you: The security of your PC or your online data?
Malicious Website / Malicious Code: MySpace XSS QuickTime Worm [WebSense]
Via Macintouch.
