Six Apart Releases Movable Type Updates To Plug Security Holes, Following PBS Hack

In a message posted on its corporate blog earlier this morning, blogging software maker Six Apart essentially admitted that security holes in its Movable Type product(s) are to be blamed for the recent, prominent hacking and defacement of the website, which occurred at the end of last month.

Hackers aligned with WikiLeaks at the end of May managed to break into and deface the US broadcaster’s website after it had aired a controversial documentary called WikiSecrets about the whistle-blowing site.

LulzSec, the hacker group that claimed responsibility for the action (and the same group that has been harassing Fox, Sony and Nintendo lately), in a recent interview with Forbes said that the attack was made possible thanks to PBS’s “outdated” content management system.

The hackers had managed to publish a fake report on the PBS website, claiming that legendary rapper Tupac was alive and well living in New Zealand (screenshot below).

The content management system used by PBS was, in fact, Six Apart’s Movable Type software, as had been pointed out by some over the past week.

Today, the company issued the first Movable Type update since the PBS hacking case. Mandatory security updates for Movable Type 4.3, 5.0, and 5.1 were released this morning.

The company says the impact of the vulnerabilities in its products did in fact allow hackers to “create, read or modify the contents in the system under certain circumstances”.

Suggest you update asap.