Patch of RealPlayer Plugs the Wild Security Exploit
The creator of the RealOne media player software and RealPlayer- RealNetworks has issued a security update, which will fix a flaw that the hackers are continuously using to break through vulnerable PCs.
Earlier also, Symantec had cautioned the users about the vulnerability of the new zero-day ActiveX RealPlayer which was constantly being used by online hackers in the third week of October, 2007.
As per an alert brought out by Symantec DeepSight Threat Management System, the issue influences an ActiveX object which is installed by RealPlayer and can be used over the Web using Internet Explorer. Further, ZDNet wrote that by starting the object and provoking a particular method, a hacker successfully corrupts process memory and apply arbitrary code with the help of the browser.
RealPlayer suggests that the users who are still using RealPlayer 10, RealOne Player and RealOne Player version 2 should immediately upgrade to RealPlayer 11 beta or RealPlayer 10.5 and implement the latest patch.
General Manager of Product Development of RealNetworks, Russ Ryan, wrote in a blog post that Real has created a patch for RealPlayer 11 beta and RealPlayer 10.5 which would work upon the vulnerability recognized by Symantec. He also wrote that Real would provide this patch to their users either through this blog or through security update page, as per the news by TechWhack on October 22, 2007.
Presently, reports of the attacks are confined to just a few sites and seem to be attacking specific organizations. There have been reports that owing to this vulnerability, NASA has banned the use of Internet Explorer.
The security patch remedies a kind of flaw that could be accessed just by convincing the Real users to click on a particular link. The update appears just after three days when Symantec Corp. issued an alert claiming that it has noticed cyber criminals attacking the software hole to compromise Windows computers.
Linux and Macintosh versions of RealPlayer are not been influenced by this vulnerability. The company notices that RealPlayer 8 and earlier versions of RealNetworks software for Windows are not in any kind of risk from this flaw. Further, Symantec claims that technically proficient users may switch off the Active Scripting in their Internet Explorer to escape any kind of attack.
Related article: Patch Issued To Fix WMF Flaw In OpenOffice.org
» SPAMfighter News - 07-11-2007