Who doesn't know this famous video-reading app?
VLC is without a doubt the most popular audiovisual player with its. Assets of nearly three (3) billion downloads.However, it seems that our global computer dog has a security flaw. In a Security Bulletin, (https://www.videolan.org/security/sa1901.html).
You may also be interested in this article: How do you protect your personal data on the Internet?
It was a German security agency that found a flaw in our famous multimedia player, the German government's cyber-attack response centre, CERT-Bund reported the problem on Saturday (July 20th).
Currently finished at 60%, the patch fix will not be long. But no release date has also been given.
VLC means this: "A remote user can create specially designed avi or mkv files that, when loaded by the target user, will cause the buffer to overflow."
The 4/5 level flaw, noted under CVE-2019-13615 nomenclature, is as singularly serious, taking into account the fact that VLC is part of the the most downloaded apps in the world
in clear, it would be possible at a user to enter your computer via VLC by getting it crashed. even damaged more.
The same bulletin also states: "This version also corrects a significant security issue that may result in code execution when reading an AAC file." Apparently this is the vlc 22.214.171.124 version so would be the disruptive element.
If you are used this software under this version, you are therefore potentially vulnerable to this kind of attack.
How do you protect yourself?
The documents and exhibits we have consulted, not without great difficulty, on the operation of this feat suggest that various conditions must be met for an attack to be successful and to do damage. The user must be connected to the internet of course.No network, no hacking and opens a file .mp4 or mkv remote or thus calling remote resources in this new version of VLC.
While waiting for the publication of a corrective program, it is therefore recommended to be wary and be careful this type of file and if necessary open them with another program as media player or km Player. Another drive to better secure.
by Elsewhere, it is also to block VLC's network access with software such as Little Snitch (MacOs) or the firewall your antivirus.
like many systems, VLC is not at all the first flaw reported within. Indeed, the media player, like the others software, thrils and fairly regularly remedy vulnerabilities that are often discovered by its community or by its own engineers. If we until June, there would have been two (2) buffer overflow faults find and fix. It should be noted that Le program will not systematically download updates. He goes to the to ask for permission to be approved to apply the latest fixes.
Dear VidoeLan users, he recommended that you change the drive at the risk of being repetitive. A blow to the head of the most used multimedia application in the world.
Now access an unlimited number of passwords: