Real Fixes Security Hole In RealPlayer 10 for Mac, Company Confirms

RealNetworks has confirmed to The Mac Observer (TMO) that a security hole in RealPlayer 10 for Mac has been fixed in the final version of the product, and only affected earlier beta versions.

The security hole was discovered by security firm eEye, and initially reported by Techworld. According to RealNetworks, the exploit related to the hole would allow someone "to fashion an RM file which corrupts the Player when run from a local drive and which might allow an attacker to execute arbitrary code on a useris machine."

That hole, however, is not present in the final version of RealPlayer 10 for Mac that was released earlier this year. "Users who download the final master version of RealPlayer 10 for Mac can be assured the reported security hole is no longer an issue," Erika Shaeffer, media spokesman for Real Networks, told TMO. "This only affected the beta versions."

Ms. Shaeffer confirmed to TMO that Real Networks had received no reports of attacks using these vulnerabilities. Mac beta versions of the affected software are still active, however, and the company recommends that Real users update to the current version.

Two other exploits were discovered for the Windows versions of RealPlayer 10, RealPlayer 10.5, and RealPlayer One, as well as earlier versions for Windows. Linux RealPlayer 10 and Helix Player for Linux were also affected. Upgrading or updating all of these versions fixes the problem, according to RealNetworksi security update Web page.