4/11/2024 0 Comments Is videolan vlc media player safeVLC Media Player is about to hit 3bn downloads, with new features on the wayĪccording to CERT-Bund, the flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files, and overall disruption of service, meaning users could see their devices hijacked and made to run malicious code of software.VLC for Nintendo Switch and PS4 could be on the way.Update VLC to the latest version (it probably would be a not-bad idea to upgrade your non-VLC players to the latest versions of those) continue to apply VLC (etc) updates as they release if you use Ubuntu ( read this thread, please), to be fully on the safe side, update the libebml library and see if you need to manually remove the old version (if such a thing is possible, I don't know as I don't use linux) remember to always scan your downloads before opening them and you should be good.Researchers from German firm CERT-Bund say they have detected a major safety flaw in the video player, which has been downloaded billions of times across the world, which could allow hackers access to compromise users' devices.Īlthough the vulnerability is yet to be exploited by hackers publicly to date, it poses an increasing threat for users of the popular software. TL DR #2: Gizmodo reported on what is a non-issue for most users and scared a lot of people thereby. VLC since version 3.0.3 has the correct version shipped, and did not even check their claim. tl dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. I'll do my best to not get scared into posting a "PSA: bug report" in the future.Ībout the "security issue" on #VLC : VLC is not vulnerable. Thank you to those users who have supplied further information to me about this issue. I apologize for blowing this out of proportion, and yet I, in all good faith, reported here on what I knew at the time. mkv file (what even are these? has anyone used these in the last 5 years? I kid, I kid. PPS: It seems that the gizmodo article was nothing more than clickbait, or relied on someone with an older version of VLC downloading (and playing in VLC) a malicious. Sorry for the overstatement at first I was reporting based off of what I knew at the time. PS: Comments have stated this to not be as much of an issue as the two articles say, if caution is used and malicious. CERT-Bund has given this a base vulnerability score of 9.8 out of 10. Additionally, hackers can exploit the issue to cause denial-of-service attacks, which is a common function of certain malware. The security flaw allows for remote code execution (RCE), which gives hackers total access to your computer to install, run, and modify anything on it without your knowledge. HOWEVER, you have to do a lot of stuff in order to make this exploit be anywhere close to an issue for you. TL,DR: VLC has a MAJOR, as-of-yet unpatched security flaw allowing RCE (hackers) onto your PC, Unix or Linux computer. I strongly recommend the K-Lite Codec Pack (Mega Edition, because why not) and the associated Media Player Classic - Home Cinema If you wish, you can read an article which is based on the first one, but is different and newer:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |