VLC media player, up to version 3.0.7, has two critical vulnerabilities that allow unauthorized access to the computer. An attacker with that access could steal sensitive data, including banking information, from a user of the player.
VLC is one of the most widely used media players in the world, with more than 3 billion downloads. It runs on the major operating systems: Windows, macOS and Linux, as well as Android and iOS on mobile.
Note: the flaws affect version 3.0.7 and earlier.
Researcher Symeon Paraschoudis of Pen Test Partners found the vulnerabilities (CVE-2019-12874 and CVE-2019-5439). The first resides in the “zlib_decompress_extra” function and can be exploited with a malicious MKV file. The second resides in the “ReadFrame” function and can be exploited with a malicious AVI file.
According to the research, attackers can execute arbitrary code by exploiting both vulnerabilities.
To protect yourself, update the application: go to the official VLC page and download the newest version. Remember that the flaws affect version 3.0.7 and earlier, so make sure your version is newer. Today (25), the newest version available is 18.104.22.168.