
Security holes haunt RealPlayer


RealNetworks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
