PS: VLC users don’t need to uninstall it to stay protected from the vulnerability. You just have to ensure that it is updated to the latest version.
Original story continues from here [Published on July 24, 2019]
If you still use the popular open-source VLC Media Player, you might want to uninstall it (at least for now). German security agency CERT-Bund has discovered a critical security flaw in VLC that could be used by attackers for remote code execution or cause a DDoS.
The worst part is that VideoLAN (the team behind VLC) doesn’t have a complete patch at the moment and until it rolls out one, your PC remains vulnerable.
Vulnerability in VLC Media Player
The vulnerability, described in CVE-2019-13615, reads:
“A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files.”
In short, this security flaw can allow hackers to hijack your PC and go through your files.
A fix on the way
Fortunately, there have been no reports of exploitation of this flaw. WinFuture reports that Windows, Linux, and Unix versions of VLC have been affected by the security hole, but the macOS version remains safe.
Nevertheless, it totals up to a huge number of potentially vulnerable systems out there.
VideoLAN has been informed of the issue and the team is currently working on a patch. However, the patch is nearly 60% complete. We will have to wait longer for a fix.