Tuesday, June 23, 2020

VLC vulnerability, CVE-2020-13428!! Your VLC media player may place your computer to security risks.

The well-known open-source media player VLC  recently released (read full vulnerability report here)a security bulletin and released a new version. This security bulletin contains a high-risk level security vulnerability.
This security vulnerability can trigger the remote execution of arbitrary code. Of course, the vulnerability has been fixed before disclosure, so users need to upgrade to a new version. The security
vulnerability is CVE-2020-13428.
The vulnerability mainly affects the hardware accelerated codec that comes with the VLC player, and the codec with the vulnerability is only used on macOS and iOS.
This means that versions such as Windows, Linux, and Android are not affected. Of course, other vulnerabilities are fixed this time so all users need to perform the upgrade.
In terms of vulnerability exploitation, the attacker only needs to create a targeted media file and induce the user to play this media file, as long as the user uses VLC to play.
Of course, we should remind everyone here that files of unknown daily origin should not be opened easily, even media files such as videos or music.

No comments:

Post a Comment