UPDATED: VLC Player Hit With Critical Vulnerability

UPDATE July 25, 2019, 11:55 BST

The recent CVE security vulnerability issued for the VLC video player may be incorrect, according to a recent tweet by VideoLAN:
“About the “security issue” on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.”

This brings up some interesting questions:
1. Can we trust CVE?
2. A possibly bigger issue: we have to worry not only about the security vulnerabilities in the products we use, but also about the third-party libraries those vendors choose to include in their products.

The free and open-source VLC media player has a critical-severity bug that allows for RCE (remote code execution), potentially letting attackers install, modify, or run software without authorization.

The latest vulnerability, pointed out by security researchers from German firm CERT-Bund, could put millions of users at risk: so far the software has been downloaded more than a billion times across the world. Categorized as CVE-2019-13615, the vulnerability is rated at 9.8/10 by NIST (National Institute of Standards and Technology) and was discovered in the latest version, VLC 3.0.7.1.

The vulnerability has been detected in Windows, Linux, and Unix versions of VLC Media Player.

“Vulnerabilities such as this allow not only for disruption of service and unauthorized modification, but are a catalyst for greater concerns like ransomware,” says Jon Cassell, Senior Solutions Architect at Verismic Software, Inc. “So far, there still don’t appear to be any updates to remediate the bug, although VLC has already been made aware and is working on a patch. Our best recommendation, for now, would be to uninstall the software entirely until the situation is alleviated.”

Syxsense can show all devices with VLC Media Player installed and includes the latest VLC Media Player software updates for easy remediation. Simply target all devices, select Patch Now, and choose the latest VLC Media Player updates. Also included is an action to entirely uninstall the software from any target devices, and it’s just as easy as updating. When the task is complete, you’ll have full assurance that the vulnerability no longer applies.