[sldev] Latest SL / Quicktime issue in the news...

Argent Stonecutter secret.argent at gmail.com
Mon Dec 3 06:48:42 PST 2007


On 03-Dec-2007, at 08:35, Mitch McKenzie wrote:
> Perhaps someone on this list would take a stab at explaining how this
> issue is an Apple issue and not a Second Life issue?

The attack involves using a bug in Quicktime to inject software  
(actual binary machine code) into the copy of Quicktime running on  
your computer and trick Quicktime into running it. Once they are  
running their code on your computer they are "you" as far as your  
computer is concerned. They can do anything on your computer that you  
can, including patching the copy of Second Life running on your  
computer and sending commands from your logged in account as if you  
were making them. There is nothing Linden Labs can do about this  
other than disabling Quicktime streaming (and that is what I believe  
they should have done).



More information about the SLDev mailing list