Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world.
Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first iPhone code execution exploit) cooked up the QuickTime/Second Life attack during an investigation of the security of online games.
It works against QuickTime 7.3 (the latest) and Second Life 1.18.4(3).”All the victim has to do is have video enabled and enter a piece of land owned by the attacker,” Miller said, noting that any Second Life player wandering near the attacker will have their pockets picked and then yell “I got hacked!”
View: Full Article @ ZDNet Zero Day
Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first iPhone code execution exploit) cooked up the QuickTime/Second Life attack during an investigation of the security of online games.
It works against QuickTime 7.3 (the latest) and Second Life 1.18.4(3).”All the victim has to do is have video enabled and enter a piece of land owned by the attacker,” Miller said, noting that any Second Life player wandering near the attacker will have their pockets picked and then yell “I got hacked!”
View: Full Article @ ZDNet Zero Day
It works against QuickTime 7.3 (the latest) and Second Life 1.18.4(3).”All the victim has to do is have video enabled and enter a piece of land owned by the attacker,” Miller said, nothing that any Second Life player wandering near the attacker will have their pockets picked and then yell “I got hacked!”
That "h" should not be there.
lol
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.