Just when you thought things couldn’t get glitchier,Linden Lab have announced a further flaw in the SL viewer. QuickTime is integral to video streaming in-world and that’s the source of the flaw. Read the blog post for more details.
Update (22nd December 2007): Linden Lab have released an optional viewer update that will ascertain if you remain susceptible to the flaw.
Lowell Cremorne says
Hi Dogma – you’re right that QuickTIme is the culprit. My heads-up was purely to warn SL users that using their viewer contained risk at this stage until they turn off video streaming 😉
Lowell Cremorne says
Hi Dogma – you’re right that QuickTIme is the culprit. My heads-up was purely to warn SL users that using their viewer contained risk at this stage until they turn off video streaming 😉
Dogma says
Attention! If you are reporting on security flaws maybe you should get your facts straight before. This is not Linden Labs Issue, it’s an issue with the code of Apple Quicktime, hence you can be hit with this streaming video from any malicious webpage with quicktime on MAC OSX or XP SP2, not only in SecondLife.
http://www.kb.cert.org/vuls/id/659761
Dogma says
Attention! If you are reporting on security flaws maybe you should get your facts straight before. This is not Linden Labs Issue, it’s an issue with the code of Apple Quicktime, hence you can be hit with this streaming video from any malicious webpage with quicktime on MAC OSX or XP SP2, not only in SecondLife.
http://www.kb.cert.org/vuls/id/659761
Dogma says
“Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms.”
Dogma says
“Testing indicates that QuickTime versions 4.0 through 7.3 are vulnerable on all supported Mac and Windows platforms.”
Dogma says
Yes I understood that too, but I find it equally important too alert people that it is not in SL itself the problem arises, you could be hit by malicious code in Opera,IE, FireFox … any browser Using Apple Quicktime while streaming from an RSTP source is where the exploit happen, by triggering code from a stack overflow.
So I just wanted too point out that it is not just when being in SL, streaming video could compromise your computer.
Dogma says
Yes I understood that too, but I find it equally important too alert people that it is not in SL itself the problem arises, you could be hit by malicious code in Opera,IE, FireFox … any browser Using Apple Quicktime while streaming from an RSTP source is where the exploit happen, by triggering code from a stack overflow.
So I just wanted too point out that it is not just when being in SL, streaming video could compromise your computer.