Malicious code loopholes in VLC player plugged

The media player VLC Player has been released in a secured version. Users should update the application quickly. If attacks are successful, attackers could, in the worst case, execute malicious code.

In a security warning, the developers write of several vulnerabilities, but do not give CVE numbers and risk ratings. If a victim opens media files prepared by an attacker, this can lead to storage errors. The application then crashes. The developers warn, however, that attackers could also execute malicious code with the rights of the victim.

So far, they say they have not seen any attacks. The version armed against such attacks VLC 3.0.12 has been released for Linux, macOS and Windows. A security researcher from NSFOCUS discovered the vulnerabilities.


To home page