
Security holes haunt RealPlayer


Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite heap memory on the targeted PC, which in turn allows hackers to take control of the system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

