VLC Media Player has a critical security flaw that can allow hackers to access a user's computer. According to the cybersecurity agency CERT-Bund, which discovered the bug using a .MP4 file, a malicious person could extract data and modify files. The vulnerability was revealed last week but has not yet been fixed. VLC, the famous PC audio and video player, has over 3.1 million installations on various operating systems.
UPDATE: VideoLan, the non-profit organization responsible for VLC Media Player, released a statement on its Twitter account denying that the software had the reported security flaw. The note also states that CERT-Bund did not contact the company for clarification. Read the full statement: https://twitter/videolan/status/1153963312981389312
The flaw is caused by a buffer over-read, that is, reading past the end of a buffer, which is a temporary form of data storage. The failure allows remote execution of unauthorized code, modification and disclosure of data and files, as well as interruption of services. This means that users may have their computers hacked to execute malicious code.
"An anonymous remote attacker could exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information or manipulate files," explains the CERT-Bund study.
The flaw was discovered in the latest version of VLC, number 184.108.40.206, but may also be present in previous editions of the program. The bug received a score of 9.8 out of 10 in the National Institute of Standards and Technology (NIST) Vulnerability Database, which ranks it as critical.
VideoLan, the nonprofit organization responsible for VLC Media Player, said it has been working on a patch for four weeks to correct the bug. According to the developers, the solution is already 60% complete. Although there is no indication that the vulnerability has been exploited by cybercriminals, it is recommended to avoid using VLC until the patch is released.
The vulnerability has been identified in versions of VLC for Windows, Linux and Unix, but macOS system users appear unaffected.