UPDATE (25 July / 11:48 AM):
VideoLAN has put up a long Twitter thread explaining the situation. The very first tweet comes with a summary, saying that the issue was fixed over 16 months ago. The entire thread is an insightful read and worth taking the time to go through.
About the "security issue" on #VLC : VLC is not vulnerable.
tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago.
VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim.
— VideoLAN (@videolan) July 24, 2019
ORIGINAL STORY (24 July / 1:33 PM):
VLC is a very popular multi-platform media player. That being said, its safety has come into question recently because of conflicting reports about a vulnerability. To start, a new security flaw has been discovered in VLC, which basically opens up your computer to hackers.
The vulnerability allows hackers to look at the files on your computer, manipulate them, and run software without your consent. It applies to the Windows, Linux and Unix versions of VLC. The macOS and mobile versions are oddly not mentioned as being affected by the same vulnerability.
Did you even check this?
No one can reproduce this issue here.
— VideoLAN (@videolan) July 23, 2019
All that being said, the flaw reportedly requires playing a malformed MKV file. Playing that very specific file is said to then crash and compromise the VLC player. But even then, the developers of VLC themselves claim that they are unable to reproduce the issue.
In the end, it’s up to you to decide which side of the story to believe. Taking both into account, you should be safe as long as you stay away from MKV files downloaded off the internet for the time being. And if you’re someone who uses VLC for music only, then you should be fine.