If you still use the popular open-source VLC Media Player, you might want to uninstall it (at least for now). German security agency CERT-Bund has discovered a critical security flaw in VLC that attackers could use to execute code remotely or to cause a denial of service.
The worst part is that VideoLAN (the team behind VLC) doesn’t have a complete patch at the moment, and until it rolls one out, your PC remains vulnerable.
Vulnerability in VLC Media Player
The description of the vulnerability, tracked as CVE-2019-13615, reads:
“A remote, anonymous attacker can exploit a vulnerability in VLC to execute arbitrary code, create a denial of service state, disclose information, or manipulate files.”
In short, this security flaw can allow hackers to hijack your PC and go through your files.
A fix on the way
Fortunately, there have been no reports of exploitation of this flaw. WinFuture reports that Windows, Linux, and Unix versions of VLC have been affected by the security hole, but the macOS version remains safe.
Nevertheless, that still adds up to a huge number of potentially vulnerable systems out there.
VideoLAN has been informed of the issue and the team is currently working on a patch. However, the patch is nearly 60% complete, so we will have to wait longer for a fix.
For now, the only way to protect yourself from this flaw is to uninstall VLC and switch to alternative media players.