Time to get rid of RealPlayer – uninstall it now.

RealNetworks recently released a patch to fix no fewer than 11 critical vulnerabilities.

This is the advisory from RealNetworks. The patch can be downloaded from here.

Heise recommends simply uninstalling it.

Since the proprietary RealMedia format is now barely used, as an alternative to installing the update, users might wish to simply uninstall RealPlayer completely. While few users still have RealPlayer installed, those who do mostly have vulnerable versions, as has been recently demonstrated by The H’s update check. During roughly 140,000 tests over a 30 day period, update check registered around 7,300 installed copies of RealPlayer versions 10.x and 11.x, of which more than 80% were vulnerable.

I agree. The format is not really used anymore. Real was useful a couple of years back, but no more. Throw it into the trash – uninstall it.


Adobe fixes critical holes in Shockwave

Adobe quietly released a HIGHLY CRITICAL update to Shockwave on Tuesday. Exploiting these vulnerabilities enables an attacker to inject code and – shock – take over your system. Yes, you need to update your Shockwave installation ASAP. And yeah, you even have to uninstall your old version first!

The Adobe advisory is here:

Critical vulnerabilities have been identified in Adobe Shockwave Player and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version using the instructions provided below.


Adobe recommends Shockwave Player users uninstall Shockwave version and earlier on their systems, restart their systems, and install Shockwave version

Download Patches from here: http://get.adobe.com/shockwave/.

Adobe fixes out, addressing vulnerabilities that lead to system compromise

Update your Adobe Reader, Acrobat etc. installations. Adobe released 30 (!) security vulnerability fixes last week. Exploits are in the wild, using some of these vulnerabilities to ‘take control over the affected system’.

Details are here.

Vulnerability in Adobe Reader and Flash Player – remote break-ins possible

Be careful when you use Flash Player to watch videos on the Internet or in your E-mail; also don’t open PDF files from unknown sources. There is currently an exploit in the wild that makes use of a new vulnerability, which essentially can result in an attacker taking over your system. There is currently no patch for this; Adobe is working hard to get one out next week. Until then, be cautious!

See the details on Adobe’s site: 

[…] A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-1862) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild via limited, targeted attacks against Adobe Reader v9 on Windows.
We are in the process of developing a fix for the issue, and expect to provide an update for Flash Player v9 and v10 for Windows, Macintosh, and Linux by July 30, 2009 (the date for Flash Player v9 and v10 for Solaris is still pending). We expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009 […] Flash Player users should exercise caution in browsing untrusted websites. Adobe is in contact with Antivirus and Security vendors regarding the issue and recommend users keep their anti-virus definitions up to date.

Critical: Microsoft patches released to fix ActiveX vulnerabilities, new vulnerability in MS Office

I mentioned this last week, and Microsoft is planning to patch it tomorrow (Tuesday), from what I read. Stay alert and patch your systems as soon as you can.

For reference, here is the advisory that they released last week.

Also, there is a new advisory out there, affecting Microsoft Office. They are rating this as Critical; remote exploitation is possible (and has occurred already), so keep your eyes peeled for a patch that should be released by MS as soon as possible.

UPDATE: Bulletins have been released. Navigate to http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx and get this patched now. Exploits are in the wild, which means that machines are getting hacked as we speak.