Critical Security Flaw Detected in VLC Media Player

VLC, a popular media player, is in the headlines for all the wrong reasons. A software vulnerability has been detected in this open-source program, and it could potentially impact millions of people.

This security flaw was detected by researchers at CERT-Bund. According to the researchers, VLC, which hit the three billion downloads milestone earlier this year, has a flaw that might enable miscreants to access affected users' devices. While this flaw has not been exploited as of now, it does pose a threat to VLC users.

According to the researchers, this vulnerability allows remote code execution (RCE), unauthorized modification of data, and disclosure of data. The vulnerability is labeled CVE-2019-13615 and was detected in the most recent version of VLC Media Player, 3.0.7.1.

If VLC media player is still installed on your device, you may prefer to remove it temporarily, as VideoLAN does not have a patch for the detected flaw. Because this vulnerability permits remote code execution, attackers can access your device and act on it without your permission or knowledge. The flaw can be used for denial-of-service attacks as well.

However, if you have VLC installed on your Mac, then you do not have to worry as only Windows, Linux, and Unix versions are affected.

What can you do?

You should go to the concept video from the person who originally filed the bug and download it. Then play it and check whether your VLC media player crashes. According to reports, VLC version 3.0.7 crashed. However, your copy of VLC will not necessarily crash too.

Moreover, you should take note that VideoLAN states that the bug cannot be reproduced and that it does not crash the media player. The developers of VLC are not happy, as nobody contacted them regarding the security flaw before publishing.

The Register has reported that the crash is caused by a proof-of-concept video which exploits the flaw. However, as per VideoLAN, the crash cannot be reproduced and only works once the feature named Loop Pine is turned on in the Windows version of VLC.

You just need to keep an eye on the ChangeLog of VLC and wait for a new version to be released. Also, ensure that you always download the most recent updates for the media player: open VLC, click on Help, and select Check for Updates. You should also enable the Activate Updates Notifier feature by going to the Settings option in VLC media player. This way, you will get a notification as and when a new version is available.

Bella Williams is an employee currently living in the USA, working at a top email service provider company by day and as a technical writer at night. I am passionate about writing troubleshooting tips, beginner’s guides, news and other articles on varied topics like Ricoh Printer Support, Panasonic Printer Support, Lexmark Printer Support, etc.