Do you use the VLC Media Player to watch downloaded movies?

If so, be aware that researchers have discovered a serious security flaw in the code that allows for remote code execution, which could compromise your system.

The vulnerability is being tracked as CVE-2020-13428 and is described as a buffer overflow issue.

This could allow an attacker to execute commands under the same security level as the currently logged in user.

Fortunately, VideoLan, the company behind the media player, has rushed to fix the issue and released a patch. Version 3.0.11 of the program is currently available for Windows, Mac, and Linux.

VLC Media Player is one of the most popular and flexible media players on the market today and boasts an impressive number of installs. Even if you only make use of it occasionally, if you've got it installed on your system, it is strongly recommended that you take a few moments to install the latest update. The company also took the time to address a few other issues with the code.

Installing the update will also address these issues

  • Fixes HLS regressions
  • Fixes a potential crash on startup on macOS
  • Fixes imprecise seeking in m4a files
  • Fixes resampling on Android
  • Fixes a crash when listing Bluray mount points on macOS
  • Avoid unnecessary permission warnings on macOS
  • Fixes permanent silence on macOS after pausing playback
  • Fixes AAC playback regression

Our perspective

Video playback is something that many of us simply take for granted. Unfortunately, an unpatched version of whatever program you're using could leave the door open to an attack by hackers that could lead to a total system compromise. It's definitely worth checking to see if you've got the player installed, and then verifying that you're running the latest version.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. I have created cost-effective personal service automation solutions, for over 20 years, specializing in reliability, cybersecurity, and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association