VLC is a media player that most people probably know but forget to update. Just like me. A new update to the VLC application takes it to version 3.0.8, which fixes many issues that the app has. One especially dangerous bug could be exploited by hackers – something no one wants.
What is VLC?
VLC is a very popular media-playing application that's free on many platforms. These platforms include Android, macOS, Windows, Chrome OS, iOS and more. The app is currently maintained by VideoLAN – a non-profit organisation.
This update for the VLC app has fixed 15 areas where VLC was exposed. A Semmle researcher, Antonio Morales Maldonado, said that he found eleven faults in the app. Not good.
The Semmle research team then explained: “The most critical issues fixed are use-after-free and OOB write vulnerabilities. They could each potentially be used by an attacker to execute code on the victim machine through a specially crafted file, effectively allowing an attacker to take control of the computer.”
They also said that minor bugs had been found and reported so that the VLC team could fix them. In addition, VideoLAN said that a third party could trigger a crash of the VLC app or arbitrary code execution with the privileges of the target user. The issues themselves are most likely to just crash the app, but they couldn't rule out that the issues could be used to leak user information.
People using the app have been advised not to open files from third parties or people that they don't trust. You should also refrain from accessing untrusted sites in VLC. Make sure you disable any VLC browser plugins that you may be using.
For the security of your device and your personal data, I would listen to this advice and finally update the apps that you have been “meaning” to update.