VLC Disputes 'Critical' Security Flaw Claim That Hackers Could Access Your Files

The 'critical' security flaw reportedly affects Windows, Linux and Unix version, but not macOS. VLC representatives say the reports are fake news.
Chris Young

VLC is one of the world's most popular video players, thanks in no small part to its free, open-source build.

Unfortunately, reports suggest that its open-source nature might have also made it vulnerable to hackers. A security flaw, discovered by German security agency CERT-Bund, means that hackers could gain access to your files via the media player.

Before deleting VLC, it might be worth hearing the video player's representatives out though: they say it's all "fake news."


An alleged 'critical' flaw

As Gizmodo reports, German security agency CERT-Bund discovered a very serious flaw (via WinFuture) in VLC (listed as CVE-2019-13615). The flaw was given a base vulnerability score of 9.8, which classifies it as “critical.” Gizmodo recommends deleting VLC "until the folks at the VideoLAN Project can patch the flaw."

The vulnerability allegedly allows for RCE (remote code execution). This type of flaw can allow hackers to install, modify, or run software on a users computer without authorization. It could also be used to find and look through a computer's files.

VLC Disputes 'Critical' Security Flaw Claim That Hackers Could Access Your Files
Source: B_A/Pixabay

Gizmodo reports that the Windows, Linux, and Unix versions of VLC are all affected, but not the macOS version. If true, that is a huge amount of vulnerable users.

However, new reports suggest that is a big 'if.'

Fake cybersecurity news?

As per Lifehacker, the bug report for this issue has been open for four weeks, but VideoLAN president and lead VLC developer Jean-Baptiste Kempf has just recently left a series of comments suggesting the reports are "fake news."

Kempf made the following comments:

“This does not crash a normal release of VLC"

“If you land on this ticket through a news article claiming a critical flaw in VLC, I suggest you to read the above comment first and reconsider your (fake) news sources.”

Most Popular

“Sorry, but this bug is not reproducible and does not crash VLC at all.”

VideoLAN organization, the group behind VLC, also tweeted the following:

message circleSHOW COMMENT (1)chevron