RealNetworks fixes 'highly critical' flaw

A security hole in RealPlayer could open the door for hackers to remotely run code on vulnerable computers.

John Borland Staff Writer, CNET News.com

John Borland

covers the intersection of digital entertainment and broadband.

See full bio

John Borland

April 22, 2005 6:23 a.m. PT

RealNetworks has released a security patch aimed at plugging a flaw in its multimedia software that could allow hackers to run their own code on people's computers.

The flaw, rated a "highly critical" risk by security company Secunia, affects most recent consumer versions of the RealPlayer media player software, for both Windows and Macintosh operating systems. Also at risk are some, but not the most recent, versions of the software for Linux. The flaw exists in some RealOne Player versions too, RealNetworks said.

The company released the patch for the flaw on Tuesday.

"RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said on its Web site. "RealNetworks takes all security vulnerabilities very seriously."

So-called buffer overflow faults, which can be exploited by a hacker to swamp a program with unexpected information and use the resulting data spillover to run malicious code, have become a common discovery in many of the most popular software programs.

The Mozilla Foundation's Firefox Web browser, Apple Computer's iSync program and numerous kinds of Microsoft software have all been found to carry similar risks and have been patched over time.