Symantec: Attackers exploiting new RealPlayer flaw

Symantec says attackers are exploiting a critical flaw in the latest version of RealPlayer.

Symantec is warning users of the RealPlayer media software to be extra careful while surfing the Web.

Last week, the company's Symantec Security Response team uncovered new attack code that affects the RealPlayer 11 beta and RealPlayer 10.5 software on the Windows platform, according to Ben Greenbaum, a senior manager with the group. By last Wednesday, Symantec had tested the attack and confirmed that it worked on the English version of Windows XP Service Pack 1 running Internet Explorer 6. Tests for the more recent XP Service Pack 2 and IE 7 browser were ongoing.

For the attack to work, the criminal would have to trick the victim into playing a maliciously encoded Web page. The flaw lies in a browser helper object, software that RealPlayer uses to help users who are experiencing technical difficulties.

Once the exploit is run on the victim's machine, the attacker can download and install whatever software he wants, Greenbaum said.

So far, Symantec has just seen the one sample of the attack code, submitted by a customer in the U.S., but Greenbaum expects it to soon become more widespread. Symantec has not yet seen the code posted to public hacker forums, he added.

Symantec's products are now protecting its customers from the attack, but other users can protect themselves by disabling JavaScript and ActiveX in their browsers and by being careful about the sites they visit, Greenbaum said.

Greenbaum did not know whether the flaw also exists on Linux and Mac OS versions of RealPlayer, but he said that even if they were vulnerable, the attack code that Symantec has seen would probably need to be rewritten for those platforms.

RealPlayer's maker, RealNetworks, did not immediately respond to requests for comment on this issue.


Robert McMillan

IDG News Service
