Real to offer fix for RealPlayer security flaw

Written by James Delahunty @ 20 Oct 2007 6:16 User comments (2)

RealNetworks Inc. has announced that a fix will be made available for a critical unpatched vulnerability in the RealPlayer software. Symantec Corp. researchers discovered yesterday that the vulnerability was already being exploited by malware authors. "Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec," wrote RealNetworks General Manager of Product Development Russ Ryan, in a Friday blog posting.

He added: "Real will make this patch available to users via this blog and our security update page later today." He said that users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version or the RealPlayer 11 beta code and install the patch. The attack exploits a flaw in an ActiveX browser helper object, affecting only Internet Explorer users running Windows.

"The exploit itself is embedded in advertisements that were being served by 247realmedia.com," Symantec said in a note on its DeepSight threat management system. "The redirection to the exploit page... was accomplished through an iFrame embedded in each advertisement."

Source:
Yahoo (PC World)

<Cyberlink PowerDVD certified for playback of BD-RE 3.0 format >Update: IFPI and Pirate Bay to do battle over domain name

2 user comments

124.10.2007 02:53

borhan9

Send private message to this user

AfterDawn Addict

I prefer the real player alternatve because its smaller and easier to use and does not have ad support.

225.10.2007 14:05

MattSpra

Send private message to this user

Newbie

RealNetworks has issued a patch for this vulnerability that users can download here -
http://service.real.com/realplayer/security/191007_player/en/

For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog/

Matt Spragins
Real Networks

This message has been edited since its posting. Latest edit was made on 25 Oct 2007 @ 8:27

Comments have been disabled for this article.

	YouTube Premium starts showing ads to subscribers (13 Nov 2024 3:09) For years, YouTube Premium has been marketed as a way to enjoy an ad-free YouTube experience. But apparently, that is no longer the case, as Premium subscribers are now starting to see ads on the platform.
	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	GUIDE: Wi-Fi speeds are slow? Here are some tips Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues. 1 user comment

Real to offer fix for RealPlayer security flaw

2 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.