Since I know many people who read me regularly also use VLC media player (and those who don’t would probably use it if they tried it once), I’m dedicating this top space to a warning that you should update to the 0.8.6e version of VLC media player immediately. A number of security vulnerabilities were found in the Web interface, Subtitle demuxer, Real RTSP demuxer, SDL_image library and MP4 demuxer. If you don’t understand what those individual components are, that’s okay. What’s most important is that leaving a VLC media player vulnerability unpatched can potentially compromise your computer and allow rotten people to run malicious code on it.
It’s really unfortunate that someone decided to exploit subtitles as a way to attack other computers. The community of people who volunteer to subtitle videos is pretty fantastic overall and is a great example of people trying to make content online better.
This version doesn’t fix all outstanding vulnerabilities in VLC, but it closes the most gaping holes. One recommended course of action in the meantime is to not run subtitles you don’t trust. That’s far from helpful advice, since anyone who downloads subtitles from the web for videos in their library is unlikely to know where they came from – so until all gaps are closed, get the 0.8.6e update and avoid subtitles in general.





