Yesterday, MySpace's chief security officer Hemanshu Nigam contacted Apple to request a fix to plug the hole, even though it was a flaw of MySpace in combination with a legit feature of QuickTime that caused all the damage. Apple is reportedly working on a fix, but for now the two companies have ironed out some workarounds, such as blocking all the phishing URLs and scrubbing their network for compromised profiles.
On a side note: what exactly does one gain from harvesting MySpace account logins? Wouldn't oh, say, credit card numbers be a little more productive? I know there's a lot of kids out there who bank on whether they're in some people's top 8 spaces, but I'm still having a hard time seeing how or why phishers would deal in the same currency.