VideoLAN says VLC security flaw is fixed
The vulnerability was apparently due to a 3rd party library.
Update 7/24: VideoLAN took to Twitter earlier this morning to clarify that the security issue discovered by CERT-Bund is not as severe as reported. VideoLAN says the issue was in a 3rd party library, called libebml, which was fixed more than 16 months ago. Mitre's claim was based on a previous (and outdated) version of VLC; version 3.0.3 and more recent releases ship the corrected version of the library.
About the "security issue" on #VLC: VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim. Thread: (VideoLAN on Twitter, July 24, 2019)
Over on the National Vulnerability Database, the VLC issue has now been downgraded from a 9.8 to a 5.5 vulnerability score. The related entry in VideoLAN's public bug tracker also lists the issue as fixed.
In other words, don't panic and uninstall VLC, but you should definitely make sure that it's properly updated. The current version is 3.0.7.1.
Original story:
If you still have the popular open-source VLC media player installed on your computer, you might want to uninstall it temporarily. A critical security flaw was recently discovered by German security agency CERT-Bund, and VideoLAN doesn't have a complete patch at the moment.
The security flaw allows for remote code execution (RCE), which gives hackers total access to your computer to install, run, and modify anything on it without your knowledge. Additionally, hackers can exploit the issue to cause denial-of-service attacks, which is a common function of certain malware. CERT-Bund has given this a base vulnerability score of 9.8 out of 10.
To make things a little more scary, all Windows, Linux, and Unix versions of VLC are affected, but not the macOS version. And without a complete patch (the one VideoLAN is working on is only 60 percent complete), the only way to keep your computer safe for the moment is to uninstall VLC. So, if you're running any one of the affected operating systems and you have VLC installed, you're exposed.
In the meantime, you can use another video player like KMPlayer, Media Player Classic, or Plex Media Player.
Thanks, Gizmodo.