VLC Player Hit With Critical Vulnerability
VLC Media Player has a critical security flaw that could put millions of users at risk.
UPDATE July 25, 2019, 11:55 BST
“About the “security issue” on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.”
The free and open-source VLC media player has a critical-severity bug that allows remote code execution (RCE), potentially letting attackers install, modify, or run software without authorization.
The vulnerability, pointed out by security researchers from German firm CERT-Bund, could put millions of users at risk: the software has been downloaded more than a billion times across the world. Tracked as CVE-2019-13615, the vulnerability is rated 9.8/10 by NIST (National Institute of Standards and Technology) and was discovered in the latest version, VLC 18.104.22.168.
The vulnerability has been detected in Windows, Linux, and Unix versions of VLC Media Player.
“Vulnerabilities such as this allow not only for disruption of service and unauthorized modification, but are a catalyst for greater concerns like ransomware,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “So far, there still doesn’t appear to be any updates to remediate the bug, although VLC has already been made aware and are working on a patch. Our best recommendation, for now, would be to uninstall the software entirely until the situation is alleviated.”
Syxsense can show all devices with VLC Media Player installed, and it includes the latest VLC Media Player software updates for easy remediation. Simply target all devices, select Patch Now, and choose the latest VLC Media Player updates. Also included is an action to uninstall the software entirely from any target devices, which is just as easy as updating. When the task is complete, you’ll have full assurance that the vulnerability no longer applies.