[sldev] Latest SL / Quicktime issue in the news...
Argent Stonecutter
secret.argent at gmail.com
Mon Dec 3 06:48:42 PST 2007
On 03-Dec-2007, at 08:35, Mitch McKenzie wrote:
> Perhaps someone on this list would take a stab at explaining how this
> issue is an Apple issue and not a Second Life issue?
The attack involves using a bug in Quicktime to inject software
(actual binary machine code) into the copy of Quicktime running on
your computer and trick Quicktime into running it. Once they are
running their code on your computer they are "you" as far as your
computer is concerned. They can do anything on your computer that you
can, including patching the copy of Second Life running on your
computer and sending commands from your logged in account as if you
were making them. There is nothing Linden Labs can do about this
other than disabling Quicktime streaming (and that is what I believe
they should have done).
More information about the SLDev
mailing list