Real to offer fix for RealPlayer security flaw

Real to offer fix for RealPlayer security flaw
RealNetworks Inc. has announced that a fix will be made available for a critical unpatched vulnerability in the RealPlayer software. Symantec Corp. researchers discovered yesterday that the vulnerability was already being exploited by malware authors. "Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec," wrote RealNetworks General Manager of Product Development Russ Ryan, in a Friday blog posting.

He added: "Real will make this patch available to users via this blog and our security update page later today." He said that users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version or the RealPlayer 11 beta code and install the patch. The attack exploits a flaw in an ActiveX browser helper object, affecting only Internet Explorer users running Windows.



"The exploit itself is embedded in advertisements that were being served by 247realmedia.com," Symantec said in a note on its DeepSight threat management system. "The redirection to the exploit page... was accomplished through an iFrame embedded in each advertisement."

Source:
Yahoo (PC World)

Written by: James Delahunty @ 20 Oct 2007 18:16
Advertisement - News comments available below the ad
  • 2 comments

  • borhan9

    I prefer the real player alternatve because its smaller and easier to use and does not have ad support.

    24.10.2007 02:53 #1

  • MattSpra

    RealNetworks has issued a patch for this vulnerability that users can download here -
    http://service.real.com/realplayer/security/191007_player/en/

    For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog/

    Matt Spragins
    Real Networks

    25.10.2007 14:05 #2

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud