updated 02:35 pm EDT, Tue July 29, 2008
RealPlayer exploit fix
RealNetworks is urging Mac users to upgrade to version 11.0 of its RealPlayer application, due to a potential security exploit. The malware research site Secunia rates the problem as "highly critical," with potential risk of malicious system access and exposure of sensitive information. The vulnerability affects Realplayer v10 and v10.1 for Mac OS X. The company did not issue a patch, but is instead urging users to upgrade to RealPlayer 11.0. The company says there is a problem with Realplayer's ActiveX import method buffer overflow.
An advisory posted by Secunia says an error in the ActiveX control could cause memory corruption under certain circumstances. Hackers could use this weakness to compromise a user's system. The problem also affects some versions of RealPlayer for Windows and Linux. RealPLayer 11.0 for Mac -- and updates for other platforms -- are available at no cost from RealNetwork's website.