VLC Player Update: confusion about critical vulnerability

Posted on by

BSI and CERT-Bund warning of a security hole to snooze in the current Version of the VLC Player. Update: The VLC developers disagree.

On Twitter the makers of the VLC Player to announce that the critical vulnerability, before the CERT is warning the Federal government (see original message), has already been fixed: 16 months ago. The error was at the time not on VLC Player, but in an outdated Third-party library. Since the VLC Version 3.03 of the Media Player to be sure.

The VLC creators criticize the CERT-Bund, to not have to be included prior to the publication of the alleged incident stores contact you. So the creators would have been able to tell the story before. For the time being, an all-clear for the user of the VLC Player is so.

Original message from 22. July:

The Federal office for information security, and information security (BSI) or the docked Computer Emergency Response Team of the Federal administration (CERT-Bund), to make a critical security vulnerability carefully, which makes the VLC Player and the devices on which it is installed, for cyber-attacks and vulnerable. Since the 19th century. July is the warning and applies until such time as VLC closes the security gap with an Update. Until then, it is advisable to take some steps to avoid attacks.

Is affected, the VLC-Version 3.0.7.1 for Windows, Linux and Unix. So far, no cases are known in which hackers are exploiting the found vulnerability, but the risk potential is high. The vulnerability allows to execute a program code, to harass the device with DDoS attacks, to spy out data or to change. The original message is from the official website of the BSI.

Since the Software was noticed with the version number 3.0.6 due to security vulnerabilities, it is not advisable to use a previous Version of the VLC media player. Perhaps older versions are also uncertain. Therefore, users should not use the free and widely used media player for the time being.

So far, VLC related is still no official position, and an Update to eliminate the vulnerability, is yet to come. As long as the security update is in the works, can help users with alternative media players. A candidate for this purpose, for example, media player Kodi, can over add-ons to customize is – both in scope of function as well as in the Layout.

SHARE ON
TwitterFacebookWhatsAppGoogle+BufferLinkedInPin It

See also:

  1. Windows 10: Updates to plug all security gaps
  2. Windows 10 January 2019 Update comes automatically on PCs with Stand 1809
  3. Windows 10 may 2020 Update: ISO-Download via Tool available and known issues
  4. VLC Player update now – BSI warns of multiple vulnerabilities
  5. Avira Antivirus update now: BSI warns of critical vulnerability
  6. Windows patch Tuesday in January: Update fixes critical NSA-gap
  7. Vulnerability in Windows: System update urgently
  8. WhatsApp vulnerability: Potential danger from video calls
  9. NetSpectre: CPU vulnerability enables remote data theft
  10. Microsoft warns that attackers use the vulnerability in Internet Explorer