Submit Your Article Blog Networking Tips
Newsletter Archive | Article Archive | Submit Article | Advertising Information | About Us | Contact

Security Flaw Hits SecondLife

By Dan Morrill
Expert Author
Article Date: 2007-12-03

Linden Labs is advising users that the not fixed security flaw with QuickTime is influencing their users.

While this information is a little old, apple has still not patched the flaw that was released as an exploit on the 27th of November.

It would be simple enough to deinstall QuickTime until a patch comes out, but then every website that uses QuickTime to share video or advertising will suddenly have a whole.

The problem is that there is no patch fix posted to date.
We were alerted a short time ago that a QuickTime exploit has been discovered which may allow an attacker to crash or exploit the Second Life viewer. The Second Life viewer uses Apple QuickTime to play videos and streaming media. This exploit affects QuickTime usage on every platform that uses it, and to date, Apple has not released a fix for the exploit. Second Life Blog
This is what makes it interesting, and why apple needs to develop and issue a patch sooner rather than later. As the dependency tree on this one would cause people to abandon the software until it can be fully patched.

This means that users will move onto other media formats, and might not cross back to apple formats when the issue has been patched.

The attack is a simple buffer overflow that crashes the browser or stand alone player. Symantec reports that it does not carry any real malware other than crashing the application at the time of posting. This does not mean that others will not be modifying the public code to do more evil things along the way. Given that this is now five days old, there are probably POC code out there that carries a more traditional malware package.

In the longer run, the whole apple video system is probably going to see a drop off in adoption until the patch is released.

Comments
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

InternetProNews
PromoteNews
MarketingNewz

Send me relevant info on products and services.



Get Your Site
Submitted for Free
in the World's Largest
B2B Directory!

Email Address:
*URL:
*

*Indicates Mandatory Field

Terms & Conditions
Newsletter Archive | Article Archive | Submit Article | Advertising Information | About Us | Contact
InternetProNews is an iEntry Network® publication - 1998-2009 All Rights Reserved Privacy Policy and Legal
Security Flaw Hits SecondLife