">
TechMoran
  • About Us
  • Deals
  • Jobs
  • Motoring
    • Money
  • Pitch Your Startup
  • Submit Your Post
  • Freelance Gigs
  • Travel
  • Men’s Corner
  • Dating
Thursday, January 21, 2021
  • Startups
  • Reviews
  • Insider
    • Obituaries
  • Business
  • Women
  • Blockchain
  • Columnists
  • Hacks & Facts
    • How To
  • Editions
    • US Edition
    • India Edition
    • MENA Edition
    • Asia Edition
    • Europe Edition
    • International Edition
No Result
View All Result
TechMoran
">
Home Tech

VLC media player has an unpatched ‘critical’ RCE flaw

Feritter Owich by Feritter Owich
1 year ago
in Tech
8 min read
0

VideoLAN is the not-for-profit organization behind VLC Media Player which is a popular software used to both play and convert a variety of audio and visual files. It is available for Windows, Linux, Mac OS X, Unix, iOS, and Android systems.

VLC media player boasts more than 3.1 billion installs across various operating systems and various release versions.

Recently, the open-source media player has become the focus of a recent security advisory released by the German Computer Emergency Response Team (CERT-Bund). 

CERT-Bund warns in the advisory that VLC media player version 3.0.7.1, the latest build available, contains a vulnerability which has been awarded a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10.

The vulnerability is best known as CVE-2019-13615 and is found in the latest edition of the software, VLC Media Player version 3.0.7.1, which is rated at 9.8 in NIST’s National Vulnerability Database, meaning it can be labeled as ‘critical’.

However, VLC’s developers aren’t happy they weren’t even contacted before the publishing of this flaw.

“Uninstall VLC right now!” is the advice most websites are providing. But the purported VLC flaw is overblown because according to VLC’s developers, it may not even be a real risk. Although VideoLAN doesn’t have a complete patch at the moment.

Related posts

kplc

Kenya Power Rolls Out A Smart Metering Project Across The Country

January 21, 2021
0
123movies

4 Best Free Movie Streaming Sites In Kenya

January 21, 2021
0

Sophos Named Common Vulnerability and Exposure Numbering Authority 

January 20, 2021
0

Your Ultimate SEO Audit Checklist for 2021

January 20, 2021
0

The security flaw allows for remote code execution (RCE), unauthorized modification and disclosure of data/files and disruption of service; which is, as they say, a bad thing. This gives hackers total access to your computer to install, run, and modify anything on it without your knowledge.

READ  5 Apps That Can Help You Transfer Large Files Fast

Additionally, hackers can exploit the issue to cause denial-of-service attacks, which is a common function of certain malware. Keep an eye out for updates, especially if you have not set VLC to automatically update regardless of the OS you are using.

As noted by ESET, “A remote, anonymous attacker can exploit the vulnerability in VLC to execute arbitrary code, cause a denial-of-service condition, exfiltrate information, or manipulate files.”

The vulnerability is known to exist in the latest version of VLC and has been detected in the Windows, Linux and UNIX versions, however, the macOS version appears to be unaffected. But it is possible the bug is also present in past builds. 

According to a developer who posted an update two days ago, VLC is rapidly working on a fix, and the non-profit’s bug tracker suggests that the vulnerability has been issued the “highest” priority for a patch. The fix is 60 percent complete.

While there is no concrete date for a patch release, there are no known cases of the vulnerability being exploited in the wild. Hackers are yet to exploit the vulnerability publicly to date as much as it poses an increasing threat for users of the popular software.

Nevertheless, until the patch is shipped, perhaps the only workaround appears to be to refrain from using the player altogether.

Readers 1,677

Share

  • Click to share on Telegram (Opens in new window)
  • More
  • Click to share on Tumblr (Opens in new window)
  • Click to print (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Pinterest (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Pocket (Opens in new window)

Like this:

Like Loading...

Related

Tags: MalwareVideoLANVLC Media Player
Feritter Owich

Feritter Owich

I am the mobile editor here. I cover apps, smartphones and anything else related to consumer electronics. Reach me at [email protected]

Related Posts

kplc
Tech

Kenya Power Rolls Out A Smart Metering Project Across The Country

January 21, 2021
0
123movies
Tech

4 Best Free Movie Streaming Sites In Kenya

January 21, 2021
0
Tech

Sophos Named Common Vulnerability and Exposure Numbering Authority 

January 20, 2021
0
Hacks & Facts

Your Ultimate SEO Audit Checklist for 2021

January 20, 2021
0
Tech

Safaricom Will Allegedly Allow The National Intelligence To Illegally Forward Your Calls

January 20, 2021
0
Tech

Safaricom Foundation’s Ndoto Zetu Supports 2,000 Students in Six Counties 

January 20, 2021
0
Tech

Tatu City Partners with Konza to Attract Investors to Kenya

January 19, 2021
0
searchengineland.com
Tech

SEO for Beginners: Where to Start and What You Need

January 19, 2021
0

https://bit.ly/2VOxuoBhttps://bit.ly/2VOxuoBhttps://bit.ly/2VOxuoB
ADVERTISEMENT

Join our Mailing List

Loading

Recent Posts

kplc

Kenya Power Rolls Out A Smart Metering Project Across The Country

January 21, 2021

Customer Service Lessons From Leading Brands Including CarGuard’s Trevor Smith

January 21, 2021
123movies

4 Best Free Movie Streaming Sites In Kenya

January 21, 2021

Why Michelle Obama Is Trending On Twitter

January 20, 2021
Cheerful young businessman in round spectacles and formal wear, checks newsfeed on modern smart phone, connected to wireless internet, has happy look as recieves positive news from colleagues

TransUnion partners SA’s financial marketplace, Fincheck, to make the credit application process easier and less frustrating

January 20, 2021
">
">

Follow Us

">

There are many sites out there focused on blowing off some steam, from funny entertainment to thrilling experiences like playing online, in some cases online gaming could grant you the chance to win extra money. We came across rocketpot.io while browsing for a good btc casino online and it left us a very good impression with their wide variety of games and crypto offering.

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

© 2019 Moran Media Group - All rights reserved TechMoran.

No Result
View All Result
  • Startups
  • Reviews
  • Insider
    • Obituaries
  • Business
  • Women
  • Blockchain
  • Columnists
  • Hacks & Facts
    • How To
  • Editions
    • US Edition
    • India Edition
    • MENA Edition
    • Asia Edition
    • Europe Edition
    • International Edition

© 2019 Moran Media Group - All rights reserved TechMoran.

Login to your account below

Forgotten Password? Sign Up

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
%d bloggers like this: