Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Critical Bug in VLC Requires You to Wait

July 24, 2019

Normally, when a vulnerability is identified as critical, you should take immediate action. That means installing a patch or uninstalling the software if none is available. VLC is one of the most widely used free open source cross-platform media players in the world. A new flaw listed as CVE-2019-13615 is marked as a "critical" vulnerability with a score of 9.8 out of 10. Some publications have jumped the gun and are recommending immediate removal of VLC from your computer. Not so fast.

Apparently the problem occurs when you download a malicious MKV file from the web and run it. Solution – don't try to run any MKV files. Doh. But wait. The developers of VLC can't even reproduce the problem. It's probably a good idea to avoid MKV files in the short term or use a different media player. At the end of the day, you really don't need to uninstall VLC. Slow down a bit and decide who you want to believe. Like most things in life, aim before you fire.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com