Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

Wine 2.7 Has Been Released

Canonical Releases Snapd 2.25 Snappy Daemon for Ubuntu Linux, Here Is What's New

Canonical's Snappy team, through Michael Vogt, announced today, April 28, 2017, the release and immediate availability of the Snapd 2.25 Snappy daemon for all supported Ubuntu Linux OSes, as well as other GNU/Linux distributions. Read more

Ubuntu Devs Work on Rebasing Ubuntu 17.10 (Artful Aardvark) to Linux Kernel 4.11

It looks like the Ubuntu Kernel team is back at work after taking a short break, and they recently published another installation of their bi-weekly newsletter to inform the Ubuntu Linux community about what to expect in the coming weeks. Read more

Linux Mint-using terror nerd awaits sentence for training Islamic State

A paranoid Welsh Muslim who wore gloves while typing on his laptop, admitted being part of Islamic State, and, gasp, harbored a copy of Linux Mint, has been described as a “new and dangerous breed of terrorist.” Samata Ullah, 34, who also used voice modulation software to disguise his thick Welsh accent while making instructional videos about encryption, pleaded guilty to five terrorism charges at Cardiff Crown Court. He was due to be sentenced Friday afternoon. Read more