RealOne Player for Mac OS X affected by security issue
http://www.macfixit.com/article.php?story=200410040711520eEye Digital Security says it discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
A statement reads "This specific flaw exists within the pnen3260.dll file used by RealPlayer. By specially crafting a malformed .rm movie file along with a SMIL file, a direct heap overwrite is triggered, and reliable code execution is then possible."
In the case of Mac OS X, users only vulnerable if they play a local Real media file in either Real Player 10 Beta or RealOne Player.
---------------------------------------------------------------------
Apple Releases Seucurity Update For OS X Core Services
http://www.macobserver.com/article/2004/10/04.11.shtmlApple has issued a new scurity update for Mac OS X called "Security Update 2004-09-30." The short version is that the update addresses issues in several Mac OS X core services. From Apple's release notes:
Security Update 2004-09-30 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
AFP Server
CUPS
NetInfoManager
postfix
QuickTime
The update weighs in 1.5 MB, and we'd like to echo Apple's encouragement that all Mac OS X users update. You can find the update through Software Update in your System Preferences. You can find a standalone updater for both Jaguar and Panther through Apple's Apple Downloads page.