About Me

Craig Schmugar

Craig Schmugar

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

RealPlayer 'Zero Day FIX' Hits the Web

Friday, October 19, 2007 at 9:18pm by Craig Schmugar
Craig Schmugar

Earlier today we posted a blog entry: RealPlayer Zero Day Exploit Hits the Web.  Well RealPlayer responded RealQuick.  In less than 24 hours they managed to ship a patch.  That’s what I call rapid response.  Real also states that more information will be posted on their Security Updates & Incident Reports page.

Earlier today McAfee’s Regional Virus Info identified over 250 unique machines reporting Exploit-RealPlay.a detections, 99% of which reside in the US.  This does not mean that each of these systems were vulnerable, but it does mean that in all likelihood thousands of systems worldwide were exposed to the malicious code.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (3)

  • CopiaTECH SMB Security October 22, 2007 11:44AM

    I am not sure a lot of people understand how much companies like McAfee, Symantec and more work together along with the rest of the software community to “shore-up” security everywhere. I try my best to educate customers on how everyone really tries to work together and sometimes in the solution can be so risk, but there is no real avoiding it.

    Vulnerability reporting is like a flu shot, there is some of the bug in the cure!

    Michael Rowles
    CopiaTECH SMB Security

    Reply
  • Craig Schmugar October 22, 2007 10:21AM

    Re: you write that as though you truly believe Real responded to your blog posting.

    Nope. ‘In less than 24 hours’ was referring to the time they seemingly became aware of this particular case, and had nothing to do with our blog post.

    As far as Real having prior knowledge of the vuln, that’s possible. I suspect that was not the case, but there are probably only a handful of people who’d know for sure. Even if they had prior knowledge, a 24 hour turn-around from the time the incident went public to a patch being available is relatively quick. Though we don’t know if the fix was sitting in a queue waiting for someone to press a button, I’ll give the benefit of the doubt against that scenario.

    Reply
  • Peter James October 21, 2007 4:12PM

    “Earlier today we posted a blog entry: RealPlayer Zero Day Exploit Hits the Web. Well RealPlayer responded RealQuick. In less than 24 hours they managed to ship a patch.”

    - you write that as though you truly believe Real responded to your blog posting. What makes you think they haven’t known about the vulnerability for days, weeks or even months? Who are you guys trying to fool – yourselves?

    Reply