UPDATE: A couple of hours ago, VLC updated its bug tracker, listing the flaw as ‘fixed’. VLC media player is free, open-source software for displaying and broadcasting multimedia content. The only true fix offered so far is to uninstall VLC and to wipe clean the system’s registry to deal with any residues. VLC promised a patch, but it’s still pretty far behind on actually delivering it. What we know so far is that the very same 3rd-party library which VLC ‘fixed’ 16 months ago appears to be backfiring. You don’t need to make the switch for good, just until the infection’s contained. So, if you want to watch your favorite videos without having to worry about malware, use a Mac. I know that it sounds a little off, but according to VLC, the bug’s confined to Windows, Linux, and Android. If you plan on uninstalling VLC, don’t forget to use a tool like CCleaner to get rid of any residue hiding in the registry. There are tons of open-source video players like VLC on the web – KM Player, GOM Player, DivX, RealPlayer, XBMC Media Player, just to name a few. Seek an alternative video player. Another way to ensure that malware doesn’t seep into your machine due to the VLC flaw is to delete the software altogether and to use a different player. Yes, that will be a nuisance, but there’s actually a quicker way to do that – AV solutions like Heimdal™ Free feature an automatic software patching engine that scans your PC and updates all your favorite apps. However, that will take a very long time since you would have to actually seek out the outdated apps and compare versions. Of course, you can always try to manually patch every bit of software you have on your device. Over 80% of malware infiltrations occur due to outdated or unpatched software. mkv from an untrusted source like Pirate Bay, you risk triggering the VLC flaw. My advice to you: stick with original content and stream whenever you can.
However, VLC is quite appreciated by people who pirate content instead of paying for it. There’s a perfectly good reason why so many choose VLC over BSPLayer or other video decoders: it’s light, runs on almost every platform, and can play any video extension. VLC is, without a doubt, one of the most ‘abused’ open-source players. Don’t download and open videos from untrusted sources. Now, if you really want to buck up on your cybersecurity, you could also try these tips: 1. In the meantime, VLC advises its customers to use as many security layers as possible and to uninstall the product until the patch is released. Per the company’s statement, the patch is about 60 percent complete, but no development timeline has been posted so far. Unfortunately, VLC is still far behind on delivering a fix for the CVE-2019-13615 issue. Upon decoding, the file would have injected code in the system, leading to denial-of-access or complete data loss. To be able to exploit this defect, the malicious agent would have to craft a. VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp. MITRE’s description of the VLC flaw reads: With VLC’s ad-libs, the bug’s been downgraded from 9.8 to 5.5, which translates to “medium” on the vulnerability scale. Interestingly enough, the library found to be responsible for the flaw received a fix approximately a year ago. VLC later invalidated CERT-Bund’s appraisal, saying that the issue isn’t that critical. CERT-Bund analysis revealed that the backdoor agent would have allowed anyone to write/read memory, inject code, deactivate AV software, and steal data without the user being aware of the intrusion. The library in question, called Libebml, was found to contain a vulnerability which potentially allowed malicious actors to run code in the background.
However, upon closer inspection, VLC’s debug team traced the flaw to a defective library, managed by a third party. This translates to a critical, zero-day flaw. Initially flagged by CERT-Bund on July the 19th, the VLC flaw, known by its technical name of CVE-2019-13615, received a 9.8 vulnerability score. VLC set out to address the issue but disclosed that the patch is about 60% complete. This, in turn, would grant cybercriminals rights to download, install, write, and rename software without authorization. A company release note stated that the flaw, coined CVE-2019-13615, allowed malicious remote code execution on the machine. VideoLan Player, one of the most popular and ‘modable’ open-source video players, may be prone to backdoor attacks.