Exploit code has already been posted, according to this News.com article. Other sources agree.
Apparently, the security researcher who found the flaw notified Real Networks, who are hard at work on a fix. Somehow, though, word got out prematurely, so the flaw became known before a fix was ready. It will be released as soon as possible, I am sure.
The only protection you have is to not play files from untrusted sources in Real Player or Helix.
Keep a close eye out for the fix. The problem apparently only affects installations on the Windows operating systems, though I am unable to find anything definitive on that. I'm not using Real Player in Linux until I know for sure. Not that I use it much anyway.
Jack
Update: According to ZDNet UK, Linux and Unix users ARE at risk from this flaw. I just uninstalled the application on our Linux machines. I'll reinstall when the new version containing the fix is released.
Possible zero-day exploit against client-side RealPlayer and Helix Player. So far, it looks like it's just Linux versions. But maybe it's just different sources, or newer info.