Exploiting QuickTime flaws in ‘Second Life’
WASHINGTON–Researchers Charlie Miller of Independent Security Evaluators, and Dino Dai Zovi, turned their attention to Second Life during a Saturday morning presentation at ShmooCon, an East Coast computer hacking conference. The researchers didn’t exploit a flaw within Linden Labs’ Second Life, but within QuickTime. They showed how an attacker could make money stealing from innocent Second Life victims.
Miller and Zovi are both experienced with flaws within Apple products. Miller published the first Apple iPhone flaw shortly after its release. At last year’s CanSecWest security conference, Zovi exploited a QuickTime flaw to win a “PWN to Own” hack-a-Mac contest. While Second Life does not install QuickTime, it invites users to install the player if they want to see multimedia files within Second Life.
Full story: news.com