Do you use the VLC Media Player to watch downloaded movies and other videos?
If so, be aware that researchers have discovered a serious security flaw in the code that allows for remote code execution, which could compromise your system.
The vulnerability is being tracked as CVE-2020-13428 and is described as a buffer overflow issue.
This could allow an attacker to execute commands under the same security level as the currently logged in user.
Fortunately, VideoLan, the company behind the media player, has rushed to fix the issue and released a patch. Version 3.0.11 of the program is currently available for Windows, Mac and Linux.
VLC Media Player is one of the most popular and flexible media players on the market today, and boasts an impressive number of installs. Even if you only make use of it occasionally, if you’ve got it installed on your system, it is strongly recommended that you take a few moments to install the latest update. The company also took the time to address a few other issues with the code.
Installing the update will also address the following issues:
- Fixes HLS regressions
- Fixes a potential crash on startup on macOS
- Fixes imprecise seeking in m4a files
- Fixes resampling on Android
- Fixes a crash when listing bluray mountpoints on macOS
- Avoid unnecessary permission warnings on macOS
- Fixes permanent silence on macOS after pausing playback
- Fixes AAC playback regression
Video playback is something that many of us simply take for granted. Unfortunately, an unpatched version of whatever program you’re using could leave the door open to an attack by hackers that could lead to a total system compromise. It’s definitely worth checking to see if you’ve got the player installed, and then verifying that you’re running the latest version.