UPDATE: VideoLAN, the company behind VLC Player, has said that the software is "not vulnerable" to the flaw originally reported by CERT-Bund.
In a tweet (opens in new tab), the company said that the "security issue" concerns a thrid party library called libebml, which it says was fixed more than 16 months ago.
VideoLAN says that all editions of VLC since version 3.0.3 have had the correct version shipped, and that users should not be worried, as long as they have an updated version - with the current edition to download being v.3.07.01.
Original story: Popular media software VLC Media Player has a critical software vulnerability that could put millions of users at risk, security researchers have warned.
Researchers from German firm CERT-Bund say they have detected a major safety flaw in the video player, which has been downloaded billions of times across the world, which could allow hackers access to compromise users' devices.
Although the vulnerability is yet to be exploited by hackers publicly to date, it poses an increasing threat for users of the popular software.
- VLC for Nintendo Switch and PS4 could be on the way
- How to convert videos with VLC
- VLC Media Player is about to hit 3bn downloads, with new features on the way
According to CERT-Bund, the flaw enables remote code execution (RCE), unauthorised modification and disclosure of data/files, and overall disruption of service, meaning users could see their devices hijacked and made to run malicious code of software.
Known as CVE-2019-13615, the vulnerability is found in the latest edition of the software, VLC Media Player version 126.96.36.199, and is rated at 9.8 in NIST's National Vulnerability Database, meaning it can be labelled as 'critical'.
The issue has been detected in the Windows, Linux and UNIX versions of VLC, however the macOS version appears to be unaffected.
VideoLAN, the not-for-profit organisation beind VLC Media Player, says it has been working on a patch for the flaw for the last four weeks, and is 60 percent through.
Last month, VideoLAN released the biggest single security update for VLC Media Player in the history of the programme. The update included fixes for 33 vulnerabilities in total, of which two were marked critical, 21 medium and 10 rated low.
- Best free anti-malware software of 2019