Security holes haunt RealPlayer

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite heap memory on the targeted PC, which in turn allows hackers to take control of the system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
