The update included fixes for 33 vulnerabilities in total, of which two were marked critical, 21 medium and 10 rated low. According to a recent report, a famous Chinese hacker group was able to combine VLC Media Player with a dangerous exploit, deploying malware to users. Last month, VideoLAN released the biggest single security update for VLC Media Player in the history of the programme. VideoLAN, the not-for-profit organisation beind VLC Media Player, says it has been working on a patch for the flaw for the last four weeks, and is 60 percent through. The issue has been detected in the Windows, Linux and UNIX versions of VLC, however the macOS version appears to be unaffected.
Known as CVE-2019-13615, the vulnerability is found in the latest edition of the software, VLC Media Player version 3.0.7.1, and is rated at 9.8 in NIST's National Vulnerability Database, meaning it can be labelled as 'critical'. VLC Media Player is about to hit 3bn downloads, with new features on the wayĪccording to CERT-Bund, the flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files, and overall disruption of service, meaning users could see their devices hijacked and made to run malicious code of software.VLC for Nintendo Switch and PS4 could be on the way.Researchers from German firm CERT-Bund say they have detected a major safety flaw in the video player, which has been downloaded billions of times across the world, which could allow hackers access to compromise users' devices.Īlthough the vulnerability is yet to be exploited by hackers publicly to date, it poses an increasing threat for users of the popular software.