AusCERT have just issued a warning that MySpace users are currently being targeted by a Worm using QuickTime HREFTracks containing Javascript. As QuickTime doesn’t allow you to turn off the execution of Javascript in HREFTracks, the worm can propagate through any machine with QuickTime installed that browses an infected page, without user interaction. Simply having an infected person in your MySpace friends list can be sufficient to get infected. The worm is collecting MySpace logins and passwords.
I’d expect Apple will be releasing a QuickTime update RSN.