RealNetworks Fixes Critical Media-Player Flaws
RealNetworks has issued an update to its fleet of media-player products that fixes at least three critical flaws in the applications that attackers could use to infiltrate vulnerable PCs. I meant to blog about this late last week when these updates were issued, but I got sidetracked. Oh well, better late than never, I suppose.
The update mends problems in versions of RealPlayer, Rhapsody, Helix Player and RealOne Player for Windows, Mac OS X and Linux systems. This link here has instructions on how to tell whether your version needs updating, and if so, how to update it.
I long ago abandoned RealNetworks' products because I didn't like how they seemed to take over my machine's settings, generate odd pop-up screens and generally hog my bandwidth. I installed RealPlayer the other day on a PC I don't use much in order to test this update and noticed that the program stil appears to have some of those same behaviors. But it occured to me that if RealNetworks can generate all of these messages, at least one of the pop-ups should remind me that I need to download a security update.
Alas, RealPlayer does not do that. In my version (10.5, build 220.127.116.115), you need to go to "Tools" and then "Check for Updates," after which it pops up a dialogue box that lists two items under "critical updates." The first option is an upgrade to RealPlayer 10.5 "with Harmony Technology," which -- for a one-time fee of $19.95 -- adds support for Apple's iPod and supposedly some other features. I have written about this before, and Real is not alone in trying to use security updates to get people to pay for upgrades.
The second option is the stand-alone security update, which I installed. Curiously, when I clicked on either "Tell me more" link next to the security update options, I received the following message:
"Unable to launch web browser. Please verify that you have a Web browser installed and registered as the default Web browser." This message is baloney, because I already have Firefox set as my default browser (as shown in the "General" tab of Firefox's "Options" Menu).
My suspicion is that this may have something to do with the Internet Explorer patch I installed earlier today just to see if it would change the behavior of sites that I visited. That patch, which Microsoft released in February as a non-priority, non-security update (that is, if you use Windows Update or Automatic Updates you won't see this patch without some digging) addresess a patent dispute that Microsoft lost with Eolas Technologies over the way IE handles ActiveX controls. Real's products have relied heavily on ActiveX in the past (Real's downloader may fail if you have it turned off). Interestingly, Microsoft said yesterday it plans to include this patch in its next cumulative security update for IE, which it plans to issue April 11.
Posted by: Colin | March 30, 2006 3:27 PM | Report abuse
Posted by: John Johnson | March 30, 2006 7:50 PM | Report abuse
Posted by: George | March 31, 2006 11:44 AM | Report abuse
Posted by: Anonymous | March 31, 2006 12:35 PM | Report abuse
Posted by: James | April 3, 2006 9:16 AM | Report abuse
Posted by: me | April 4, 2006 1:07 PM | Report abuse
Posted by: hhhobbit | April 8, 2006 12:48 PM | Report abuse
Posted by: Hospedagem de Sites - http://www.hostdahora.com | August 6, 2006 7:55 PM | Report abuse
The comments to this entry are closed.