RealPlayer ‘Zero Day FIX’ Hits the Web
Friday October 19, 2007 at 9:18 pm CST
Posted by Craig Schmugar
Earlier today we posted a blog entry: RealPlayer Zero Day Exploit Hits the Web. Well RealPlayer responded RealQuick. In less than 24 hours they managed to ship a patch. That’s what I call rapid response. Real also states that more information will be posted on their Security Updates & Incident Reports page.
Earlier today McAfee’s Regional Virus Info identified over 250 unique machines reporting Exploit-RealPlay.a detections, 99% of which reside in the US. This does not mean that each of these systems were vulnerable, but it does mean that in all likelihood thousands of systems worldwide were exposed to the malicious code.
October 21st, 2007 at 4:12 pm
“Earlier today we posted a blog entry: RealPlayer Zero Day Exploit Hits the Web. Well RealPlayer responded RealQuick. In less than 24 hours they managed to ship a patch.”
- you write that as though you truly believe Real responded to your blog posting. What makes you think they haven’t known about the vulnerability for days, weeks or even months? Who are you guys trying to fool - yourselves?
October 22nd, 2007 at 10:21 am
Re: you write that as though you truly believe Real responded to your blog posting.
Nope. ‘In less than 24 hours’ was referring to the time they seemingly became aware of this particular case, and had nothing to do with our blog post.
As far as Real having prior knowledge of the vuln, that’s possible. I suspect that was not the case, but there are probably only a handful of people who’d know for sure. Even if they had prior knowledge, a 24 hour turn-around from the time the incident went public to a patch being available is relatively quick. Though we don’t know if the fix was sitting in a queue waiting for someone to press a button, I’ll give the benefit of the doubt against that scenario.
October 22nd, 2007 at 11:44 am
I am not sure a lot of people understand how much companies like McAfee, Symantec and more work together along with the rest of the software community to “shore-up” security everywhere. I try my best to educate customers on how everyone really tries to work together and sometimes in the solution can be so risk, but there is no real avoiding it.
Vulnerability reporting is like a flu shot, there is some of the bug in the cure!
Michael Rowles
CopiaTECH SMB Security