You Might Want To Uninstall VLC. Immediately.


Because of its free and open-source nature, VLC is one of the most popular cross-platform media players in the world, if not the most popular. Unfortunately, a newfound and potentially very serious security flaw discovered in VLC means you might want to uninstall it until the folks at the VideoLAN Project can patch the flaw.

Discovered by German security agency CERT-Bund (via WinFuture), the new flaw in VLC (listed as CVE-2019-13615) has been given a base vulnerability score of 9.8, which classifies it as “critical.”

The vulnerability allows for RCE (remote code execution), which potentially allows attackers to install, modify, or run software without authorization, and could also be used to disclose files on the host system. Translation: VLC’s security hole could allow hackers to hijack your computer and see your files.

Thankfully, it seems no one has taken advantage of the flaw yet, but with WinFuture reporting that the Windows, Linux, and Unix versions of VLC are all affected (but not the macOS version), there’s a huge number of potentially vulnerable systems out there.

VideoLAN is also aware of the issue and is currently working on a patch, though right now, that patch appears to only be 60 per cent complete. Sadly, that means while people are waiting for a fix, your only recourse to protect yourself from the flaw is to uninstall VLC and switch to an alternative like KMPlayer or Media Player Classic.

Or you could take the chance that no one tries to hack you while you wait for a fix. But either way, you’ve been warned.


Comments

    Eh, seems a bit extreme, given the discussion around the bug report which preceded raising the CVE is pretty alarmist. I'm sure playing all of your existing media should be fine, and some vigilance in not opening up any old media file you find lying around online.

    At worst, how about just not opening up VLC until an update comes down the pipe?
