Don’t Uninstall VLC
Don’t Uninstall VLC
Don’t Uninstall VLC: “The sky is falling; uninstall VLC now!” That’s the guidance a few sites are giving. Be that as it may, the indicated VLC defect is exaggerated and, as per VLC’s designers, may not be a genuine hazard.
This upheaval all began with the production of CVE-2019-13615, which is set apart as a “basic” powerlessness with a score of 9.8 out of 10. VLC’s designers are disturbed they weren’t reached before the distributing of this imperfection.
Hello @MITREcorp and @CVEnew , the way that you NEVER ever get in touch with us for VLC vulnerabilities for quite a long time before distributing is truly not cool; yet in any event you could check your data or check yourself before sending 9.8 CVSS powerlessness openly…
-VideoLAN (@videolan) July 23, 2019
In any case, it’s awful, isn’t that so? That is 9.8 out of 10 as security imperfections go, it sounds like an approaching atomic strike. This defect could purportedly bring about remote code execution, which is awful. Assailants could deal with your framework through a bug in VLC.
As the CVE clarifies, this defect requires playing a twisted MKV record. In principle, on the off chance that you download a pernicious MKV record from the web and run it, it could bargain VLC albeit nobody asserts this has ever occurred in reality. Additionally, the macOS rendition of VLC doesn’t appear to be influenced.
In this way, regardless of whether this defect is as awful is it shows up, you simply must be cautious about MKV documents don’t download untrusted MKV records and play them in VLC until a fix is discharged. Avoid MKV in case you’re pilfering media.
In any case, one moment! VLC’s designers state they can’t imitate the issue, proposing that there are not kidding issues with the first adventure report.
Did you by any chance check this?
Nobody can replicate this issue here.
– VideoLAN (@videolan) July 23, 2019
By the day’s end, it’s likely a smart thought to avoid downloaded MKV records until VLC patches this blemish. Yet, that is all you would truly need to do, and even that is being somewhat distrustful.
As VLC’s designers clarify on the VideoLAN bug tracker:
“Apologies, yet this bug isn’t reproducible and does not crash VLC by any stretch of the imagination.” – Jean-Baptiste Kempf
“On the off chance that you arrive on this ticket through a news story guaranteeing a basic defect in VLC, I recommend you to peruse the above remark first and rethink your (phony) news sources.” – Francois Cartegnie
“This does not crash an ordinary arrival of VLC 22.214.171.124” – Jean-Baptiste Kempf