Real Networks Inc. has released a new version of RealPlayer that fixes at least seven critical vulnerabilities that could be used to compromise host systems remotely if left unpatched.
I’ve never hidden my distaste for this program, mainly due to its history of unnecessarily tracking users, installing oodles of third party software, and serving obnoxious pop-ups. But I realize that many people keep this software installed because a handful of sites still only offer streaming in the RealPlayer format. If you or someone you look after has this program installed, please update it.
The new versions listed in the chart below are not vulnerable to these flaws. Real Networks says it has no evidence that attackers are exploiting any of these flaws yet. The latest versions for all operating systems are available here.
I dumped Real Player several years past due to their nasty habits. Have used Real Alternative since with no problem.
I believe VLC is also an excellent open source alternative.
I like VLC too seems to run a lot of obscure file types without any trouble however I understand that it is open to misuse because it does not take advantage of the new random memory allocation security features. Does anyone know if this is true and what are the alternatives without loosing the functionality.
i love you just i love you
im david so just boy
Hear! Hear! If there’s some Real function a body needs (in my case 2 unique streaming webcasts) Altreal does quite nicely. Otherwise, why have the bloody thing around at all?
Real Alternative is no longer being maintained. The K-Lite Codec Pack guy dropped it awhile back.
My senior thesis at Scam U is going to be a making virus that uses this Reaplayer exploit… to uninstall Realplayer.
Wow, didn’t realize Real Player was still around. To show how long it’s been for me, Windows 98 was the last system I ever had it installed on! I couldn’t get away from it fast enough for the same reasons Brian has mentioned. That reminds me of how the AOL software also tries to install everything but the kitchen sink! Yuck. 🙁
According to Secunia http://secunia.com/advisories/41096/ there are actually eleven vulnerabilities, several discovered by their own researchers.
Also RealPlayer SP 1.1.5, which is not vulnerable was released at the beginning of July. Weird why the advisory came three months later.
At the risk of being hounded from this forum, I’ll admit I use RealPlayer. I didn’t know about the alternatives mentioned above and will explore those.
Anyway, I installed RealPlayer SP 1.1.5 on September 29, 2010, which is listed as the current version. I find it incongruous that it was announced as an update on October 15 as a version to fix vulnerabilities.
If it was known to fix vulnerabilities on September 29, why was it not announced then? If the vulnerabilities were not known on September 29, did the vulnerabilities suddenly appear with the earlier versions, and version 1.1.5 happen to have the code to take care of them?
Yes I have to admit I am guilty also I like the feature that allows you to screen capture video and convert files very quickly to alternative types eg mpg but I always run it on a quarantined machine.