Warning – VLC Media Player Vulnerability

Since I know many people who read me regularly also use VLC media player (and those that don’t would probably use it if they tried it once), I’m dedicating this top space to a warning that you should update to the 0.8.6e version of VLC Player immediately. A number of security vulnerabilities were found in the Web interface, Subtitle demuxer, Real RTSP demuxer, SDL_image library and MP4 demuxer. If you don’t understand what those individual components are, that’s okay. What’s most important is that not fixing those vulnerabilities can potentially compromise your computer and allow rotten people to run malicious code on your computer.
This version doesn’t fix all outstanding vulnerabilities in VLC, but it closes the most gaping holes. One recommended course of action in the meantime is to not run subtitles you don’t trust. That’s far from helpful advice, since anyone who downloads subtitles for videos is unlikely to know where they came from. So until all gaps are closed, get the 0.8.6e update and avoid subtitles in general.
More details about these vulnerabilities are available from Secunia. This is also a good time to remind you that installing Secunia Personal Software Inspector is a great way to track thousands of software applications and their updates. Secunia does a great job of identifying which applications on your system are out of date. It goes further than anything else I’ve seen in identifying which updates are critical as opposed to merely incremental improvements. I run it. It’s free. I strongly recommend using Secunia PSI to keep your computer software up to date and free of vulnerabilities.
