Exploit code found serving from popular advertising site
Real readies patch for player's zero-day bug
Computerworld - RealNetworks Inc. said it would publish a patch later Friday for its RealPlayer media program to protect users from ongoing attacks. Less than 24 hours before, Symantec Corp. had issued a high-level alert that warned of a critical vulnerability in RealPlayer that could be used against anyone browsing the Web with Internet Explorer.
The bug came to light after the NASA space agency warned employees of a spike in attacks that it said originated from advertisements placed on "well-known" but unnamed news sites.
"Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec on 10/18," said Russ Ryan, RealPlayer's general manager for product development, in a posting to a company blog today.
NASA knew first
Late Thursday, Symantec released a warning to customers of its DeepSight threat network that said an ActiveX control installed by RealPlayer was flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.
Only systems on which both RealPlayer and IE have been installed are vulnerable.
Symantec hinted that it first found out about the vulnerability by reading a blog that had posted information about the bug Wednesday morning. The blogger, identified only as Roger, claimed that NASA had warned workers not to use IE because of an unspecified problem with RealPlayer.
On Friday, agency spokesman Mike Mewhinney confirmed Roger's account. According to Mewhinney, who works at the Ames Research Center south of San Francisco, the alert went out Tuesday. Employees were told of a surge in security problems at Ames and other NASA centers, and informed that systems running IE and RealPlayer had been infected, apparently by malicious code downloaded after visiting legitimate sites.
"Recent indicators point to well-known news sites which may be hosting advertisements from ad servers that redirect the users to malware hosting sites," the NASA warning said. Workers were also instructed to limit their use of IE to browsing NASA's intranets, and to "Use non Internet Explorer browsers, such as Mozilla Firefox, Opera, etc., for sites external to NASA."
Symantec ranked the attack as a "10" on its urgency scale because it confirmed that attacks were being conducted in the wild; those attacks had resulted in malicious code downloaded to victimized PCs. Originally, however, Symantec saw a silver lining. "We are not currently aware of widespread exploitation of this issue," the company's Thursday warning read.
By Friday, however, Symantec had changed its tune.