you are viewing a single comment's thread.

view the rest of the comments →

[–]OmegaUser296 7 insightful - 2 fun7 insightful - 1 fun8 insightful - 2 fun -  (0 children)

[Update 8:35 AM] Based on a tweet by VideoLAN, VLC may not be as vulnerable as it initially appeared. VideoLAN says the “security issue” in VLC was caused by a third-party library called Libebml that was fixed 16 months ago, and that Mitre’s claim was based on a previous (and outdated) version of VLC.

[Update 10:30 AM] The VLC CVE on the National Vulnerability Database has now been updated, downgrading the severity of the issue from a Base Score of 9.8 (critical) to 5.5 (medium), with the change log also specifying that the “Victim must voluntarily interact with attack mechanism.”