Real Player Vulnerable to Silent Attack

On Jan. 1, the Russian security-research group Immunity Inc. told the world that RealPlayer 11 is vulnerable to a serious attack. The vulnerability could let a bad guy run code of his choice on your computer.

As far as I know, there aren’t any exploits floating around yet, which is a bit of a relief.  However, there also isn’t an update available from Real Networks at this time to address the problem.

I consider this threat to be serious enough that you shouldn’t use RealPlayer until a patch is released.  Your best defense is to completely uninstall the player, using the Add/Remove Software control panel.  Otherwise, you might inadvertently visit a Web site that launches an exploit by simply invoking RealPlayer’s vulnerable code.

I’ve uninstalled the player from all of my machines, simply because it is "NOT WORTH THE RISK" to me… and Windows Media Player is my preferred player over Real Player anyway.  I suggest you do the same… or don’t call me when someone invades your computer thorugh Real Player 😉

If you don’t want to just take my word for it, but prefer to read the technical data on this flaw… here is a link to the analysis by Vnunet.

I’ll have more for you on several other points and subjects in another post coming tomorrow. 





Also of Interest  Revising Your Bloglines Notifier