Beware: Second Life viewer flaw

Just when you thought things couldn’t get glitchier,Linden Lab have announced a further flaw in the SL viewer. QuickTime is integral to video streaming in-world and that’s the source of the flaw. Read the blog post for more details.

Update (22nd December 2007): Linden Lab have released an optional viewer update that will ascertain if you remain susceptible to the flaw.

Comments

  1. Hi Dogma – you’re right that QuickTIme is the culprit. My heads-up was purely to warn SL users that using their viewer contained risk at this stage until they turn off video streaming 😉

  2. Hi Dogma – you’re right that QuickTIme is the culprit. My heads-up was purely to warn SL users that using their viewer contained risk at this stage until they turn off video streaming 😉

  3. Attention! If you are reporting on security flaws maybe you should get your facts straight before. This is not Linden Labs Issue, it’s an issue with the code of Apple Quicktime, hence you can be hit with this streaming video from any malicious webpage with quicktime on MAC OSX or XP SP2, not only in SecondLife.

    http://www.kb.cert.org/vuls/id/659761

  4. Attention! If you are reporting on security flaws maybe you should get your facts straight before. This is not Linden Labs Issue, it’s an issue with the code of Apple Quicktime, hence you can be hit with this streaming video from any malicious webpage with quicktime on MAC OSX or XP SP2, not only in SecondLife.

    http://www.kb.cert.org/vuls/id/659761

  5. “Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms.”

  6. “Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms.”

  7. Yes I understood that too, but I find it equally important too alert people that it is not in SL itself the problem arises, you could be hit by malicious code in Opera,IE, FireFox … any browser Using Apple Quicktime while streaming from an RSTP source is where the exploit happen, by triggering code from a stack overflow.

    So I just wanted too point out that it is not just when being in SL, streaming video could compromise your computer.

  8. Yes I understood that too, but I find it equally important too alert people that it is not in SL itself the problem arises, you could be hit by malicious code in Opera,IE, FireFox … any browser Using Apple Quicktime while streaming from an RSTP source is where the exploit happen, by triggering code from a stack overflow.

    So I just wanted too point out that it is not just when being in SL, streaming video could compromise your computer.

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Posts