The popular VLC video player application was reported to contain a security gap that sounded pretty scary.
According to the German cybersecurity agency CERT-Bund, which discovered it, security holes in VLC can be used by hackers to take over devices without the user’s knowledge, through Remote Code Execution (RCE) techniques.
In addition, it was also mentioned that the related loopholes could be exploited by hackers to launch a Distributed Denial of Service (DDoS) type of cyberattack.
This security gap was found in the Windows, Linux, and Unix versions of VLC, but the macOS version was unaffected. Even more worrying, VideoLAN was said not to have finished working on a patch for the dangerous hole.
Is it really that scary? VideoLAN dismissed the CERT-Bund findings and said that the security gap was harmless and had been fixed a long time ago.
VLC Security gap
About the “security issue” on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
Thread:— VideoLAN (@videolan) July 24, 2019
“VLC’s security is not vulnerable. The problem is with a third-party library named libebml, which was resolved 16 months ago,” said VideoLAN in a tweet on Twitter.
According to VideoLAN, the necessary repairs have been applied to VLC version 3.0.3 or later.
So, as summarized by KompasTekno from PC Gamer, Friday (7/26/2019), VLC users don’t need to panic and delete their applications. Just make sure the application is up-to-date. The latest VLC application is version 126.96.36.199.
VLC itself is software that can play multimedia files in a wide range of formats. It is open-source software that is available for several operating systems.
VLC is popular because of the completeness of the codecs it includes. Besides being complete, VLC is also smaller and lighter, so it is liked by many users.