VideoLAN clarifies VLC isn't vulnerable; issues were already fixed in older update

The security issue was present on an older version of VLC because of a third-party library.


Update: Earlier, we had reported that popular media player VLC had a critical security issue that made it vulnerable for hackers to remotely control some aspects of the victim's machine. However, VideoLAN says that VLC isn't vulnerable currently and the issue was present because of a third-party library (called libebml) that was fixed 16 months ago. The current 3.0.3 or later version of VLC doesn't have the security issue and the vulnerability claim was based off on an older version.

VideoLAN took to Twitter to address the security concern. If you're running the latest version of VLC (3.0.7.1) then you don't need to worry about anything.

Original story:

VLC Media Player is a highly popular and free media player that's been available for a long time. Since VLC is open-source software, it is easily accessible to everyone but it turns out that there is a huge security flaw in it. According to WinFuture, German security agency CERT-Bund has found a flaw in VLC that has a vulnerability score of 9.8 making it a "critical" problem. In simple words, because of this app, hackers can install, modify, or run software on your device that too without your authorisation.

VideoLAN clarifies VLC isnt vulnerable; issues were already fixed in older update

VLC AirPlay support

As per a Gizmodo report, no one has yet been affected because of it. But this does not mean, that there are not potentially vulnerable systems that can be affected anytime.

(Also read: Google takes down seven Russian spying apps from its Play Store)

VideoLAN is probably working on rectifying the flaw already. This means you still have to wait until the company releases an update. Hence, a safer option would be to switch to an alternative like Media Player Classic, MX Player, KM Player and so on.

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.