Second Life users warned of QuickTime flaw

Second Life users are being warned today (and the rest of you should be aware as well) that there's a security issue with Apple's QuickTime that allows an attacker to potentially crash or attempt to inject code into the software under which QuickTime is running. That would be your web-browser, or Second Life viewer, for example.

Second Life uses QuickTime to stream video - though not from Linden Lab's servers. All video in Second Life comes from other sites and from web-sites controlled by users.

Linden Lab suggest that they have a way of auditing streams (I can think of at least one method) and will take action against any user operating malicious streams. The flaw apparently additionally allows people to potentially steal your account credentials.

While Apple does not presently have any fix available for the problem with QuickTime, there are two ways you can limit your exposure to this security flaw.

One is to open the Second Life preferences (you can do this from the login screen without having to log in) , select Audio & Video, then make sure that Play Streaming Video When Available is not checked.

The other method is to add a space followed by -noquicktime to the startup options in your Second Life viewer shortcut. This has the additional advantage of generally speeding up your load times and boosting frame-rates a little.

The rest of you should be careful out on the Web if you have QuickTime installed on your system.