AfterDawn: Tech news

Real to offer fix for RealPlayer security flaw

Written by James Delahunty @ 20 Oct 2007 6:16 User comments (2)

Real to offer fix for RealPlayer security flaw RealNetworks Inc. has announced that a fix will be made available for a critical unpatched vulnerability in the RealPlayer software. Symantec Corp. researchers discovered yesterday that the vulnerability was already being exploited by malware authors. "Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec," wrote RealNetworks General Manager of Product Development Russ Ryan, in a Friday blog posting.
He added: "Real will make this patch available to users via this blog and our security update page later today." He said that users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version or the RealPlayer 11 beta code and install the patch. The attack exploits a flaw in an ActiveX browser helper object, affecting only Internet Explorer users running Windows.

"The exploit itself is embedded in advertisements that were being served by 247realmedia.com," Symantec said in a note on its DeepSight threat management system. "The redirection to the exploit page... was accomplished through an iFrame embedded in each advertisement."



Source:
Yahoo (PC World)

Previous Next  

2 user comments

124.10.2007 02:53

I prefer the real player alternatve because its smaller and easier to use and does not have ad support.

225.10.2007 14:05

RealNetworks has issued a patch for this vulnerability that users can download here -
http://service.real.com/realplayer/security/191007_player/en/

For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog/

Matt Spragins
Real Networks

This message has been edited since its posting. Latest edit was made on 25 Oct 2007 @ 8:27

Comments have been disabled for this article.

News archive