If by any chance you are still using this free and open-source video player called VLC you may need to remove it immediately. VLC is one of, if not the most popular cross-platform media players in the world. On a sad note, there has been a newfound and potentially very dangerous security flaw discovered in VLC .
The security flaw was discovered by German security agency CERT-Bund (via WinFuture), a new flaw in VLC (listed as CVE-2019-13615) that has been given a base vulnerability score of 9.8, which classifies it as “critical.”
The vulnerability allows for RCE (remote code execution) which potentially allows bad actors attackers to install, modify, or run software without authorization, and could also be used to disclose files on the host system. Translation: VLC’s security hole could allow hackers to hijack your computer and see your files.
There have been no reports of any hackers taking advantage of the flaw yet, but with WinFuture reporting that the Windows, Linux, and Unix versions of VLC are all affected (but not the macOS version), there’s a huge number of potentially vulnerable systems out there.
The makers of the app, VideoLAN are also aware of the issue and is currently working on a patch, though right now, that patch appears to only be 60 percent complete. Sadly, that means while people are waiting for a fix, your only recourse to protect yourself from the flaw is to uninstall VLC and switch to an alternative like KMPlayer or Media Player Classic.
Or you could take the chance that no one tries to hack you while you wait for a fix. But either way, you’ve been warned.
Update (25/07/2019)
We’re not recommending uninstalling action just yet, because there’s a bit more to the story. The bug report for the issue has been open for four weeks, but VideoLAN president and lead VLC developer Jean-Baptiste Kempf left a series of comments today indicating that the alleged bug isn’t as big a deal as everyone is making it out to be. In three separate comments, he wrote: VideoLAN also took to Twitter to talk about the bug—or rather, the non-bug.
“This does not crash a normal release of VLC 3.0.7.1. “If you land on this ticket through a news article claiming a critical flaw in VLC, I suggest you to read the above comment first and reconsider your (fake) news sources. Sorry, but this bug is not reproducible and does not crash VLC at all.”
VideoLAN also took to Twitter to talk about the bug—or rather, the non-bug.
VideoLAN has published a full explanation for the alleged horrific bug. Everything’s fine!
Pay attention to VLC’s ChangeLog, and wait for the company to release a new version of the player that patches up the bug—if it’s even planning to do so. If a few minor versions (or one major version) go by and all seems well, consider going back to using VLC.
No matter what, make sure you’re always downloading the latest updates for VLC (via Help > Check for Updates). It’s also great to have VLC’s “Activate updates notifier” option enabled in its settings, so you’ll know immediately when it’s time for a new version of the app.
