The report explains the potential malware scenario using an example: you'll become a victim only when you download a video file named as some hit TV series from some torrent sites and open it using VLC player, because the video source has already been contaminated before attrackers upload it to online sites. Go back to 2 years ago, and there was a report saying that VLC media player allows desktop takeover via malicious video files. Hence, how could it possible for VLC to be perfect? Some demerits shows that VLC is not that safe. That being said, VLC media player is developed by imperfect human. Unfortunately, until that's finished, the only way to secure your PC will be to uninstall VLC.
VideoLAN, who develops VLC, is already working on a patch. Only the macOS version is safe, which means there are potentially a lot of exposed systems out there. Most versions of VLC are affected, including the Windows, Linux, and Unix versions. Put simply, the flaw could potentially give hackers a way to hijack your PC and view your files. In addition, it can even be used to disclose files on the host system. It essentially allows for remote code execution (RCE), where malicious actors can install, modify, or run software without any authorization. The security firm gave the flaw a base vulnerability score of 9.8 out of 10, which classifies it as "critical". However, German security agency CERT-Bund has discovered a serious security flaw in VLC, which means you might want to uninstall it until the vulnerability is fixed. VLC is one of the most popular cross-platform media players around, thanks in large part to it being completely free and open-source.
However, you do need to ensure you have the latest version installed. Put simply, you don't need to uninstall VLC to protect yourself anymore. The vulnerability score has been downgraded from a 9.8 to 5.5 on the National Vulnerability Database. The claim was based on a previous, and now outdated, version of VLC, instead of version 3.0.3 or newer, which has already been patched. The problem lies with a third-party library called libebml that was actually fixed over 16 months ago. Updated on 25 July 2019: VideoLAN has clarified on Twitter that the issue is not as serious as reported.
VLC media player has a critical security vulnerability
0 kommentar(er)
