![]() TL DR #2: Gizmodo reported on what is a non-issue for most users and scared a lot of people thereby. VLC since version 3.0.3 has the correct version shipped, and did not even check their claim. tl dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. I'll do my best to not get scared into posting a "PSA: bug report" in the future.Ībout the "security issue" on #VLC : VLC is not vulnerable. Thank you to those users who have supplied further information to me about this issue. I apologize for blowing this out of proportion, and yet I, in all good faith, reported here on what I knew at the time. mkv file (what even are these? has anyone used these in the last 5 years? I kid, I kid. PPS: It seems that the gizmodo article was nothing more than clickbait, or relied on someone with an older version of VLC downloading (and playing in VLC) a malicious. Sorry for the overstatement at first I was reporting based off of what I knew at the time. PS: Comments have stated this to not be as much of an issue as the two articles say, if caution is used and malicious. CERT-Bund has given this a base vulnerability score of 9.8 out of 10. Additionally, hackers can exploit the issue to cause denial-of-service attacks, which is a common function of certain malware. ![]() The security flaw allows for remote code execution (RCE), which gives hackers total access to your computer to install, run, and modify anything on it without your knowledge. HOWEVER, you have to do a lot of stuff in order to make this exploit be anywhere close to an issue for you. TL,DR: VLC has a MAJOR, as-of-yet unpatched security flaw allowing RCE (hackers) onto your PC, Unix or Linux computer. I strongly recommend the K-Lite Codec Pack (Mega Edition, because why not) and the associated Media Player Classic - Home Cinema However, one thing to keep in mind is that VLC is not a China-based software, but is backed and developed French group.If you wish, you can read an article which is based on the first one, but is different and newer: It is likely that the platform was banned along with the 54 Chinese apps, that the Indian government banned in February this year. ![]() ![]() Researchers at Symantec, an arm of American semiconductor manufacturing company Broadcom, discovered that after getting access to the target PC, the attacker used the popular VLC Media Player to install a modified loader on compromised devices.īecause the mobile apps are hosted on Google’s PlayStore and Apple’s App Store servers, and not on the servers where the desktop versions are hosted, they are deemed safe and hence have not been banned. The hacking has been traced to threat actor Cicada, also known as menuPass, Stone Panda, Potassium, APT10 and Red Apollo, which has been active for over 15 years. The cyberattack by Cicada is said to be spread across three continents and is aimed at espionage and has targeted numerous groups involved in political, legal, and religious activities, as well as non-government organisations (NGOs). These hackers mainly targeted users who were downloading their files from the website. In April this year, cybersecurity experts claimed that a hacker group based out of China named Cicada were using VLC Media Player to deliver malware in systems as part of a cyberattack campaign backed by the Chinese government. Moreover, people who have the application installed on their systems can still use the system. People who have the installation files on their local devices or cloud storage can still install the program. Ideally, one should always download software, even freeware like the VLC Media Player from authenticated and the official website. Users can still download the app from popular hosting sites and other third-party websites, but such downloads usually have the risk of carrying infected files that can enable malicious actors to cause some serious damage. VLC threatens to sue DoT and MeitY for blocking website, stopping users from downloading application VLC 3.0 arrives with support for HDR, 360-degree video, 3D audio and Chromecast streaming
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |