RealNetworks updates RealOne Player patch

RealNetworks has released a software patch which, it claimed, finally fixes highly publicised security holes in its RealOne...

RealNetworks has released a software patch which, it claimed, finally fixes highly publicised security holes in its RealOne Player.

The patch closes nine security holes that could allow an attacker to take over a computer running the RealOne Player.

The vulnerabilities, described as "buffer overruns", were first discovered in November. In buffer overrun attacks, malicious hackers can exploit an unchecked buffer in a program to load and run their code on the vulnerable system.

Users would have to be tricked by attackers into downloading a malformed file. RealNetworks said that no exploitations of the security holes have yet been reported. Nevertheless, the company issued a patch for the vulnerabilities in late November.

However, the patch issued by RealNetworks did not solve the reported security problems, and the mix-up prompted RealNetworks to announce a wholesale review of its RealOne Player source code to identify any other vulnerabilities in the product.

Although the results of that audit were not mentioned in a statement from RealNetworks, the nine holes have been plugged.

Individuals using RealOne Player can obtain the update by selecting the Check for Updates option on the RealOne Player's tools menu, or by visiting the RealNetworks Web site and downloading the software patch at http://service.real.com/help/faq/security/bufferoverrun_update.html.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close