VideoLAN clarifies VLC isn’t vulnerable; issues were already fixed in older update

.

tech2 News StaffJul 24, 2019 22:07:13 IST

Update: Earlier, we had reported that popular media player VLC had a critical security issue that made it vulnerable for hackers to remotely control some aspects of the victim’s machine. However, VideoLAN says that VLC isn’t vulnerable currently and the issue was present because of a third-party library (called libebml) that was fixed 16 months ago. The current 3.0.3 or later version of VLC doesn’t have the security issue and the vulnerability claim was based off on an older version.

VideoLAN took to Twitter to address the security concern. If you’re running the latest version of VLC (3.0.7.1) then you don’t need to worry about anything.

About the “security issue” on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.

Thread:

— VideoLAN (@videolan) July 24, 2019

Original story:

VLC Media Player is a highly popular and free media player that’s been available for a long time. Since VLC is open-source software, it is easily accessible to everyone but it turns out that there is a huge security flaw in it. According to WinFuture, German security agency CERT-Bund has found a flaw in VLC that has a vulnerability score of 9.8 making it a “critical” problem. In simple words, because of this app, hackers can install, modify, or run software on your device that too without your authorisation.

VLC AirPlay support

As per a Gizmodo report, no one has yet been affected because of it. But this does not mean, that there are not potentially vulnerable systems that can be affected anytime.

(Also read: Google takes down seven Russian spying apps from its Play Store)

VideoLAN is probably working on rectifying the flaw already. This means you still have to wait until the company releases an update. Hence, a safer option would be to switch to an alternative like Media Player Classic, MX Player, KM Player and so on.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.

.. ..