Update: Mitre Corporation did not check their claim. This was a false alarm. Please see the tweet from VLC at the bottom of this page.
Because of its free and open-source nature, VLC is one of the most popular cross-platform media players in the world, if not the most popular. Unfortunately, a newfound and potentially very serious security flaw discovered in VLC means you might want to uninstall it until the folks at the VideoLAN Project can patch the flaw.
Discovered by German security agency CERT-Bund, the new flaw in VLC (listed as CVE-2019-13615) has been given a base vulnerability score of 9.8, which classifies it as “critical.”
The vulnerability allows for RCE (remote code execution), which potentially allows attackers to install, modify, or run software without authorisation, and could also be used to disclose files on the host system. Translation: VLC’s security hole could allow hackers to hijack your computer and see your files.
Thankfully, it seems no one has taken advantage of the flaw yet, but with WinFuture reporting that the Windows, Linux, and Unix versions of VLC are all affected (but not the macOS version), there’s a huge number of potentially vulnerable systems out there.
VideoLAN is also aware of the issue and is currently working on a patch, though right now, that patch appears to only be 60 per cent complete. Sadly, that means that until a fix arrives, your only recourse to protect yourself from the flaw is to uninstall VLC and switch to an alternative like KMPlayer or Media Player Classic. Or you could take the chance that no one tries to hack you while you wait for a fix. But either way, you’ve been warned.
Update from VLC: