We were alerted a short time ago that a QuickTime exploit has been discovered which may allow an attacker to crash or exploit the Second Life viewer. The Second Life viewer uses Apple QuickTime to play videos and streaming media. This exploit affects QuickTime usage on every platform that uses it, and to date, Apple has not released a fix for the exploit.
At this time we advise that you disable streaming video playback in the Second Life viewer except when you are attending a known and trusted venue. To do this, just open the Preferences dialog, and uncheck the “Play Streaming Video When Available” checkbox on the “Audio & Video” tab.
We do have the ability to turn off all videos on the grid, but have instead chosen to respect the existing in-world content and experiences which rely on streaming video, as we know that many of you enjoy these. We do recommend that you employ caution when using QuickTime in Second Life, only enabling it in environments that you trust, and are familiar with.
We are able to track attacks, and rest assured, if we discover a malicious stream, we will vigorously pursue the attacker. This will include account termination and legal action if appropriate, as well as the appropriate assistance for affected Residents.
The bug is in QuickTime, and not in the Second Life viewer. When Apple has submitted a fix, we will integrate it into the viewer as quickly as possible, and will notify everyone once this has been done.