all 3 comments

[–]fred_red_beans 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (0 children)

Sadly, that means while people are waiting for a fix, your only recourse to protect yourself from the flaw is to uninstall VLC

or just not run it, there's no background process

[–]OmegaUser296 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (0 children)

[Update 8:35 AM] Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially appeared. VideoLAN says the “security issue” in VLC was caused by a third-party library called Libebml that was fixed 16 months ago, and that Mitre’s claim was based on a previous (and outdated) version of VLC.

[Update 10:30 AM] The VLC CVE on the National Vulnerability Database has now been updated, downgrading the severity of the issue from a Base Score of 9.8 (critical) to 5.5 (medium), with the change log also specifying that the “Victim must voluntarily interact with attack mechanism.”

[–]solder0 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

D: Wut!