This year, as usual, there have been some reports of vulnerabilities in probably the world’s most popular media player — VLC Media Player. The latest vulnerability seems to affect the Windows, Linux, and Unix versions of the VLC player.
So if you are still using the open-source VLC Media Player on any of the operating systems listed above, you should update it or probably uninstall it for now.
The critical security flaw in VLC was spotted by a German security agency called CERT-Bund. According to the security firm, the flaw could be used by malicious persons for remote code execution.
The flaw can also be used to turn your computer into a zombie computer to cause a DDoS attack.
At the moment, the team behind VLC, VideoLAN, doesn’t seem to have a complete patch for the security flaw. So the best advice may be to uninstall the programme for the moment since your computer may still be at risk.
The team that found the VLC vulnerability described the flaw in a paper it published — CVE-2019-13615. Part of the description explains:
“A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files.”
In short, this security flaw can allow hackers to hijack your PC and go through your files.
Aside from the German security agency discovering the flaw, there have been no reports of exploitation of this flaw. As said earlier, reports from WinFuture suggests the security flaw only affected Windows, Linux, and Unix versions of VLC. That means the macOS version of the VLC Media Player is safe, at least for now.
Needless to say, Windows PCs are even many all around the globe and that constitutes a very big pool of potentially vulnerable systems.
Currently, the VideoLAN team is working on a complete patch for the vulnerability. At the moment, the best thing to do is to uninstall the VLC Player to protect your PC.