[ad_1]
The days went by the news that VLC Media Player 3.0.7.1 had a security vulnerability (CVE-2019-13615) that could allow remote code execution. In the days, the VLC team broke their teeth on the good German. Because the described gap is incomprehensible.
Jean-Baptiste Kempf and others had tried it in versions 3.0.7.1, 3.0.6 and 4.0.0-20190723-0832 Nightly. No result. Then they vented once on Twitter.
Hey @MITREcorp and @CVEnew , the fact that you NEVER contact us for vulnerabilities VLC years before publishing is really not cool 9.8 Vulnerability on CVSS publicly … but at least you could check your information or check yourself before you start. ;to send
– VideoLAN (@videolan) July 23, 2019
VLC "Critical Flaw" is available at the moment, does not replicate to version 3.0.6, 3.0.7+ or a night version on Windows or other platforms. The technical media are sometimes terrible. (TechRadar, Gizmodo, Inq., Etc.)
– Rafael Rivera (@WithinRafael) July 24, 2019
The problem is that the media has already reported this vulnerability and damaged the image of VLC. For a short time, there was already a VLC 3.0.8 on the FTP. But he retired very quickly.
But even if this space (CVE-2019-13615) is not reproducible, you should always pay attention. Because every video you download on the net can be modified. But here, a "shovel" spirit is enough and should not panic immediately, or even uninstall the VLC. Because all the other players can contain a gap.
Let's wait and see how that develops.
[ad_2]
Source link
