Update VLC: bug allowed the injection of malicious code





The developers of the popular VLC media player have now released details of a vulnerability that makes it necessary for users to ensure they have updated to the latest version. A manipulated media file opened inadvertently could become a gateway for attacks.


The software responded incorrectly to malicious code embedded in Flash media files. In this way, foreign code could be injected into a system, where it either caused a crash or ran on the machine with the user's rights. That may already be enough to integrate a system into a botnet, for example.

As a workaround, users should take care not to open SWF files with the VLC player. However, because this can happen automatically when the VLC browser plugins are enabled and such files are embedded in a web page, the plugins must also be deactivated.

The patch is already here

Better still, of course, is to install a fixed version as soon as possible. Fixed versions have been available for some time, and the developers apparently waited this long to publish the vulnerability information so that the update would be more widely installed first. Only a fraction of users would probably have reacted quickly enough to leave attackers no opening.

The analysis showed that the bug entered the code base with version 3.0.0 and was also included in version 3.0.1. This applies to VLC players on all operating systems. The problem was fixed at the end of April with version 3.0.2. Another iteration has arrived in the meantime, and version 3.0.3 for Windows computers can be found in our Download Center.
