PSA: Update your copy of VLC to avoid allowing hackers full control of your computer when opening video files
Working For Notebookcheck
Are you a techie who knows how to write? Then join our Team! English native speakers welcome!
News Writer - Details here
VLC is an extremely popular (and useful) open source and cross-platform media player and framework created by the non-profit organization VideoLAN Project. It's known for its ability to play nearly any media files without additional codecs as well as incomplete or partially corrupted files, but security researchers at Pen Test Partners announced a major vulnerability which exploits both .avi and .mkv file formats.
The penetration and security researchers at Pen Test Partners found issues in both .avi and .mkv file decoders which could not only be used to trigger crashes (demonstrated in a proof of concept in their security announcement), but more seriously allow execution of code with the full privileges of the currently logged in user. Without updating to VLC 3.0.7 or newer, any malicious actor could upload doctored media files in either .avi or .mkv formats to popular file-sharing websites and achieve nearly unprecedented access to execute code on victims' computers.
If you haven't downloaded your copy of VLC within the past week or so, you'd best go here to download the latest version which addresses this vulnerability as soon as possible.