Security holes haunt RealPlayer

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite heap memory on the victim's PC, which in turn allows hackers to take control of the system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
