• About us…

  • The archives

  • RSS The Gaming Session

  •  Better and faster with IPv6

  • ipv6 ready

That breed can turn on you For some time it has been known that there was a security flaw in the Ogg Vorbis library that the Second Life viewer uses for decoding some audio data. It isn’t a new problem, as developers have known about the flaw since about 2009 but never gave it much mind as there was no real opportunity to exploit the flaw.

However, yesterday things changed, when Linden Lab’s Oz Linden sent an email out to third-party viewer developers.

The Lab apparently believes that there is now an exploit ‘in the wild’ in Second Life for this particular security flaw and has provided pointers to patched upstream sources and binaries. So far as Linden Lab is aware, the exploit so far has only been able to crash Second Life viewer software, and not to perform privilege-escalation or arbitrary code-execution on users’ systems.

The flaw can apparently be triggered through streaming media or in-world sound files (like those used for gestures).

Keep an eye on your Second Life viewer vendor for updated software.

Tags: , , , , , , ,

Got a news tip or a press-release? Send it to news@taterunino.net.
Read previous post: