Touted as one of the best PC video players, VLC Video Player has recently revealed that a vulnerability has been identified in its program, alerting users around the world and raising the question of whether or not this breach could be exploited.
According to the team responsible for the discovery, the issue is related to the execution of MKV-based files, allowing a series of actions that can be taken from crashing the player to manipulating files on the vulnerable computer.
Already indexed in the Common Vulnerability Scoring System (CVSS), the issue in question has no cataloged patch yet, and at least apparently there are no active exploit records for that issue either, which would at least make the user more relaxed.
Despite the warning, VideoLAN, the program manager, responded through his Twitter account that the notification in question is false, complaining that MITER Corp. (bug fixer) never even approached the development team about the issues. reporting the status of “fake news”.
Hey @MITREcorp and @CVEnew , the fact that you NEVER ever contact us for VLC vulnerabilities for years before publishing is really not cool; but at least you could check your info or check yourself before sending 9.8 CVSS vulnerability publicly…
— VideoLAN (@videolan) July 23, 2019
The most complicated part of the discussion is that, as long as they do not understand each other, a possible risk to user security can exist and be exploited and, if it does exist, it has gained more notoriety and attention from everyone (including those who are capable of it). to explore) with the chatter between them.
Thus, at least for now, the best thing to do is to be aware of files obtained from “unreliable” sources, which include not only the media file but also the installation file of the program itself. Also, it is valid to keep it always up to date.
So who do you think is right in the discussion? Tell us in the comments!