German security agency CERT – Bund has just issued a warning to almost all VLC media player users. According to the warning, the agency has just discovered a serious security issue in the latest version of VLC. The agency classified the problem as critical with High level 4 risk assessment while informing its subscribers about the issue. It also clarified that the latest VLC 220.127.116.11 on Windows, Linux, and UNIX platforms are vulnerable to the flaw. This means that macOS users don t have to worry as they are safe. Also Read - Flaw in Facebook Messenger Kids app allowed children to chat with strangersAlso Read - EA Origin security flaw potentially exposed data of 300 million players
A report by WinFuture revealed that no current exploits have been reported in the real world. CERT has also code-named the issue as CVE-2019-13615 providing more details about the issue. This flaw is said to allow hackers to remotely attack your system. In addition to German CERT, NIST from the United States has also issued a similar warning. Hackers can also run random arbitrary code on your system without your permission as part of the hack. They can send you a special video file that can either result in the app crashing or the hidden code running on your system. Also Read - Xiaomi smartphones with pre-installed ‘Security’ app suffer from a dangerous security flaw
VLC developer responds
Some reports online have asked VLC media player users to uninstall the program and look for alternatives. VideoLAN, the company behind VLC has also issued a statement regarding the reports about the security issue. First up, they know about it and are currently working to fix the problem. However, the second thing about this is not what one would expect in most situations. According to the tweet that VideoLAN sent out, it appears that the developer is not happy about the entire thing.
VideoLAN claims that the issue is not as severe as most reports are trying to make it. Jean-Baptiste Kempf, the lead developer at VideoLAN revealed that nobody was able to reproduce the issue. Kempf tried to reproduce this issue on older 3.0.6 version, the current 18.104.22.168 version and the upcoming 3.0.8 version. However, The Register confirmed that they were able to crash the version 3.0.7 on Linux. VideoLAN has not provided any additional details about the matter right now. Unlike other publications, we are not asking you to uninstall the program from your machine. Instead, try using other media players until VideoLAN issues a new update.