Exploit code found serving from popular advertising site
Real readies patch for player's zero-day bug
Computerworld - RealNetworks Inc. said it would publish a patch later Friday for its RealPlayer media program to protect users from ongoing attacks. Less than 24 hours before, Symantec Corp. had issued a high-level alert that warned of a critical vulnerability in RealPlayer that could be used against anyone browsing the Web with Internet Explorer.
The bug came to light after the NASA space agency warned employees of a spike in attacks that it said originated from advertisements placed on "well-known" but unnamed news sites.
"Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec on 10/18," said Russ Ryan, RealPlayer's general manager for product development, in a posting to a company blog today.
NASA knew first
Late Thursday, Symantec released a warning to customers of its DeepSight threat network that said an ActiveX control installed by RealPlayer was flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.
Only systems on which both RealPlayer and IE have been installed are vulnerable.
Symantec hinted that it first found out about the vulnerability by reading a blog that had posted information about the bug Wednesday morning. The blogger, identified only as Roger, claimed that NASA had warned workers not to use IE because of an unspecified problem with RealPlayer.
On Friday, agency spokesman Mike Mewhinney confirmed Roger's account. According to Mewhinney, who works at the Ames Research Center south of San Francisco, the alert went out Tuesday. Employees were told of a surge in security problems at Ames and other NASA centers, and informed that systems running IE and RealPlayer had been infected, apparently by malicious code downloaded after visiting legitimate sites.
"Recent indicators point to well-known news sites which may be hosting advertisements from ad servers that redirect the users to malware hosting sites," the NASA warning said. Workers were also instructed to limit their use of IE to browsing NASA's intranets, and to "Use non Internet Explorer browsers, such as Mozilla Firefox, Opera, etc., for sites external to NASA."
Symantec ranked the attack as a "10" on its urgency scale because it confirmed that attacks were being conducted in the wild; those attacks had resulted in malicious code downloaded to victimized PCs. Originally, however, Symantec saw a silver lining, and said in the Thursday warning that: "We are not currently aware of widespread exploitation of this issue," the company's warning read.
By Friday, however, Symantec had changed its tune.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts