As I indicated in a prior posting, we became aware of a serious flaw in Apple’s QuickTime software that could cause maliciously crafted movies to either crash your Second Life viewer or, more seriously, to execute arbitrary code contained within the stream. We had warned to take caution when enabling movie playback within the viewer.
The good news is Apple has recently released a patch for this issue and it will appear in Apple’s Software Update utility as QuickTime 7.3.1 or it is available here as a separate download for your system. If you have not already done so, it’s important to apply that patch as soon as possible to protect yourself from this exploit when using any application or browser, not just Second Life.
We have now released a version of the viewer that will verify you are running a version of QuickTime that is safe from exploits of this type.
This release candidate is an optional update (for now) that will test for the latest version of QuickTime before enabling streaming video. If an older, non-patched verison of QT is found, the viewer will disable video streaming and display a message:
This version of the viewer will be optional for the holidays, so if you choose not to transition to this pre-production viewer, please take a moment to update your copy of QuickTime before enabling video streaming.