Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world.
Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first iPhone code execution exploit) cooked up the QuickTime/Second Life attack during an investigation of the security of online games.
It works against QuickTime 7.3 (the latest) and Second Life 1.18.4(3)."All the victim has to do is have video enabled and enter a piece of land owned by the attacker," Miller said, noting that any Second Life player wandering near the attacker will have their pockets picked and then yell "I got hacked!"
5 Comments - Add comment