RealNetworks ships an important security update for RealPlayer

RealNetworks ships an important security update for RealPlayer

After Apple and Macromedia, it is the turn of RealNetworks to release an important security update for their main software product RealPlayer. These latest patches fix a pair of remote code execution vulnerabilities in this software application. Interestingly, the patches came a bit late as they were reported to RealNetworks more than four months ago.

These bugs were serious enough to let hackers take complete control over a vulnerable machine. eEye Digital Security, the security company which discovered the flaw said that the most serious flaw exists in the first data packet contained in a Real Media file. Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux).

Their was another flaw confirmed as “high risk” by RealNetworks which allowed a RealPlayer skin file (.rjs extension) to be downloaded and applied automatically through a Web browser without the user’s permission. The company has advised the users to immediately upgrade to the latest version to make their machines secure from any possible attacks.