Do you use the VLC Media Player to watch downloaded movies and other videos?
If so, be aware that researchers have discovered a serious security flaw in the code that allows for remote code execution, which could compromise your system.
The vulnerability is being tracked as CVE-2020-13428 and is described as a buffer overflow issue.
This could allow an attacker to execute commands under the same security level as the currently logged in user.
Fortunately, VideoLan, the company behind the media player, has rushed to fix the issue and released a patch. Version 3.0.11 of the program is currently available for Windows, Mac and Linux.
VLC Media Player is one of the most popular and flexible media players on the market today, and boasts an impressive number of installs. Even if you only make use of it occasionally, if you've got it installed on your system, it is strongly recommended that you take a few moments to install the latest update. The company also took the time to address a few other issues with the code.
Installing the update will also address the following issues:
- Fixes HLS regressions
- Fixes a potential crash on startup on macOS
- Fixes imprecise seeking in m4a files
- Fixes resampling on Android
- Fixes a crash when listing bluray mountpoints on macOS
- Avoid unnecessary permission warnings on macOS
- Fixes permanent silence on macOS after pausing playback
- Fixes AAC playback regression
Video playback is something that many of us simply take for granted. Unfortunately, an unpatched version of whatever program you're using could leave the door open to an attack by hackers that could lead to a total system compromise. It's definitely worth checking to see if you've got the player installed, and then verifying that you're running the latest version.
About the Author
Marty Parker
Owner & General Manager
Marty is the Owner and General Manager of Heritage Digital. Marty has managed and built high-performing IT teams for over 30 years. He served 13 years in the manufacturing industry and 13 years in corporate-owned healthcare organizations. Before acquiring Heritage Digital, Marty was the Chief Information Officer of Carolinas Hospital System (now MUSC Health Florence Medical Center) in Florence, SC. Marty is passionate about educating and protecting people against cybercriminals.
