eEye has uncovered new security holes affecting RealNetworks’ media players, including the Mac version. “The flaws could be exploited via a malicious Web page or a RealMedia file run from a local drive to take over a user’s system or delete files,” reports TechWorld. “The most serious of the three new bugs involves malformed calls, and could be exploited via a player embedded in a malicious site to execute arbitrary code. This bug affects RealPlayer versions 10, 10.5, as well as RealOne Player v1 and v2 on Windows. A second bug could also allow malicious code execution, but only via a local RM file, RealNetworks said. The bug affects several versions of RealPlayer and RealOne Player on Windows, Mac OS X and Linux.”
