
12.03.07


Security Flaw Hits SecondLife

By Dan Morrill

Linden Lab is advising its users that the unpatched security flaw in QuickTime affects them.

While this information is a little old, Apple has still not patched the flaw, for which an exploit was released on the 27th of November.

It would be simple enough to uninstall QuickTime until a patch comes out, but then every website that uses QuickTime to share video or advertising will suddenly have a hole.

The problem is that no patch has been posted to date.

"We were alerted a short time ago that a QuickTime exploit has been discovered which may allow an attacker to crash or exploit the Second Life viewer.

The Second Life viewer uses Apple QuickTime to play videos and streaming media. This exploit affects QuickTime usage on every platform that uses it, and to date, Apple has not released a fix for the exploit."
(Second Life Blog)

This is what makes it interesting, and why Apple needs to develop and issue a patch sooner rather than later: the dependency tree on this one would cause people to abandon the software until it can be fully patched.

This means that users will move on to other media formats, and might not cross back to Apple formats when the issue has been patched.

The attack is a simple buffer overflow that crashes the browser or standalone player. Symantec reports that, at the time of posting, the exploit does not carry any real malware; it only crashes the application.

This does not mean that others will not be modifying the public code to do more evil things along the way.

Given that this is now five days old, there is probably PoC code out there that carries a more traditional malware package.

In the longer run, the whole Apple video system is probably going to see a drop-off in adoption until the patch is released.
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management.

Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

-- InternetProNews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc. All Rights Reserved