For some time it has been known that there was a security flaw in the Ogg Vorbis library that the Second Life viewer uses for decoding some audio data. It isn’t a new problem, as developers have known about the flaw since about 2009 but never gave it much mind as there was no real opportunity to exploit the flaw.

However, yesterday things changed, when Linden Lab’s Oz Linden sent an email out to third-party viewer developers.

The Lab apparently believes that there is now an exploit ‘in the wild’ in Second Life for this particular security flaw and has provided pointers to patched upstream sources and binaries. So far as Linden Lab is aware, the exploit so far has only been able to crash Second Life viewer software, and not to perform privilege-escalation or arbitrary code-execution on users’ systems.

The flaw can apparently be triggered through streaming media or in-world sound files (like those used for gestures).

Keep an eye on your Second Life viewer vendor for updated software.

Share this: Twitter

Google

Facebook

Reddit

Tumblr

More

LinkedIn

Pocket



Pinterest

Print





Tags: Exploit, Linden Lab / Linden Research Inc, Ogg Vorbis, Oz Linden, Risks, Second Life, Security, Virtual Environments and Virtual Worlds