If you still have that popular open-source VLC Media Player running on your PC, you might want to uninstall it straight away.
The security flaw enables remote code execution (RCE), which gives hackers complete access to the user’s computer to install, run, and modify anything on it without the user’s knowledge. Hackers can also exploit the issue to cause denial-of-service attacks, a capability that is not new to certain malware. CERT-Bund has assigned the flaw a base vulnerability score of 9.8 out of 10.
Known as CVE-2019-13615, the flaw was identified in the latest edition of the software, VLC Media Player version 126.96.36.199, and is rated 9.8 in NIST’s National Vulnerability Database, meaning it can be labeled ‘critical’.
The Linux, Windows, and Unix versions of VLC are all affected; only the macOS version is not, which just makes things a little scarier. And without a complete patch (the one VideoLAN is working on is only 60% complete), the only way to safeguard your PC for the moment is to uninstall VLC.
Last month, VideoLAN launched the biggest single security update for VLC Media Player in the history of the program. The update included security fixes for 33 vulnerabilities in total, of which two were marked critical, 21 medium and 10 rated low.
Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially seemed. VideoLAN says the “security issue” in VLC was caused by a third-party library called libebml, which was fixed 16 months ago, and that MITRE’s claim was based on a previous (and outdated) version of VLC.
So, if you are using any one of the affected operating systems and you have VLC installed, you are exposed.