This comes just days after Six Apart announced a security upgrade for all Movable Type versions. The most likely scenario is that someone reverse-engineered the security fixes to discover which vulnerabilities were patched and then exploited them.

> PBS.org was owned via a 0day we discovered in mt4 aka MoveableType 4

This illustrates how important it is to keep up with security updates. Fortunately for Movable Type users, these tend to be quite infrequent, and they mostly fix vulnerabilities that were discovered by Six Apart itself. Here is an overview of recent security-related updates:
- The most recent one, coinciding with the release of MT 5.1, in May 2011
- 5.0.4 and 4.35 in December 2010
- 5.0.2 in May 2010
- 4.34 in February 2010
As you can see, in over a year there were just three required security updates if you ran MT 4.x, and likewise just three if you ran MT 5.x.
Upgrading is not that hard, actually, and it keeps your installation safe!
(And if you need professional help with your upgrade because your installation is very large or complex, just contact YesItCan.be, because yes, it can be upgraded!)