updated 11:00 am EDT, Mon July 28, 2008
Real has fixed four "highly critical" security issues spread across the Mac, Windows and Linux versions of RealPlayer, according to a Secunia report. While two of the vulnerabilities are Windows-only, in that they relate to ActiveX controls, at least one is known to be universal. In this a design flaw is said to exist within the handling of frames in Shockwave Flash files, which in an unpatched copy of the software, could be used to create a heap-based buffer overflow.
The last vulnerability is described only as an "unspecified error," which could be used to "reference local resources." Affected Mac versions of RealPlayer include v10 and v10.1; both Secunia and Real recommend upgrading to v11 to solve the problem.