Media Player Vulnerabilities Raise Control Issues
Security breaches in RealPlayer, Helix Player raise questions about how to control deployment and use of multimedia players.
October 7, 2005
A format string error can occur when a malformed .rp or .rt file is clicked and RealPlayer or Helix Player are launched, according to a report by the French Security Incident Response Team (FrSIRT). Malicious attackers can take advantage of the error to gain remote control of users' computer systems. In June, FrSIRT identified and Real Networks created patches for four such flaws that affected Windows, Mac and Linux, but the team found more vulnerabilities in the Linux apps in late September, forcing the development of new patches.
Real Networks has reacted quickly to these remote execution threats and says it "takes security issues very seriously." But if it truly takes security seriously, it should offer users or IT departments the option to block embedded calls to outside Web sites. IT departments also could use some help from Real Networks with installing the patches. It's hard enough getting users to install operating system patches, let alone update their music and video software.
You May Also Like