VideoLAN says VLC security flaw is fixed
The vulnerability was apparently due to a 3rd party library.
Update 7/24: VideoLAN took to Twitter earlier this morning to clarify that the security issue discovered by CERT-Bund is not as severe as reported. VideoLAN says the issue was in a 3rd party library, called libebml, which was fixed more than 16 months ago. Mitre's claim was based on a previous (and outdated) version of VLC, not 3.0.3 or more recent, which has the corrected version.
About the "security issue" on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim. Thread: (July 24, 2019)
Over on the National Vulnerability Database, the VLC issue has now been downgraded from a 9.8 to a 5.5 vulnerability score. The related entry in VideoLAN's public bug tracker also lists the issue as fixed.
In other words, don't panic and uninstall VLC, but you should definitely make sure that it's properly updated. The current version is 3.0.7.1.
Original story:
If you still have the popular open-source VLC media player installed on your computer, you might want to uninstall it temporarily. A critical security flaw was recently discovered by German security agency CERT-Bund, and VideoLAN doesn't have a complete patch at the moment.
The security flaw allows for remote code execution (RCE), which gives hackers total access to your computer to install, run, and modify anything on it without your knowledge. Additionally, hackers can exploit the issue to cause denial-of-service attacks, which is a common function of certain malware. CERT-Bund has given this a base vulnerability score of 9.8 out of 10.
To make things a little more scary, all Windows, Linux, and Unix versions of VLC are affected, but not the macOS version. And without a complete patch (the one VideoLAN is working on is only 60 percent complete), the only way to keep your computer safe for the moment is to uninstall VLC. So, if you're running any one of the affected operating systems and you have VLC installed, you're exposed.
In the meantime, you can use another video player like KMPlayer, Media Player Classic, or Plex Media Player.
Thanks, Gizmodo.


