VLC doesn’t update automatically but does have notification ( Tools > Preferences > Privacy & Network Interaction > Activate Update Notifier) that is enabled to check for new versions every three days by default.įollow on Twitter for the latest computer security news. Some reporters were more than distasteful, insulting, impatient, trying to get 2 times the bounty for the same bug, or even reporting the issues to other programs (Android one) to get more money.Īs explained by VideoLAN’s alert, anyone running 3.0.6 and earlier should update to 3.0.7 as soon as possible, refraining from opening files from untrusted third parties until they do. Not all of the “hackers” who send VideoLAN news of security weaknesses are helpful either: What about you give money to VLC instead of random hackers? Interestingly, Kempf admits he’s not a fan of bug bounties on the basis that they incentivise researchers to find flaws but not the fixes for the flaws. However, according to Kempf, the number of fixes this time was directly connected to the bug bounty sponsorship offered under the EU-FOSSA 2 program, which rewards hackers for finding critical flaws in open source software used by EU institutions.īy the standards of proprietary programs, this is pretty modest – only $220,000 had been scheduled for payment via the Intigrity/Deloitte and HackerOne platforms as of April 2019 – but this is still a step up for open source reporting, which normally relies on researchers looking for kudos alone.īut providing fixes for open source flaws doesn’t solve the question of who will create the fix, which is why EU-FOSSA 2 offers a 20% bonus to researchers who take the time to do that. The number of vulnerabilities serves to remind of the complexity of media players, which must support numerous file formats, Codecs, and text renderers, any one of which can open security holes. The mediums, meanwhile, are described by VideoLAN’s Jean-Baptiste Kempf as “mostly out-of-band reads, heap overflows, NULL-dereference and use-after-free security issues,” which could crash VLC. VLC is een open source, crossplatform mediaspeler die out of the box. The second is CVE-2019-5439, a stack buffer overflow in version 4.0.0 beta’s Reliable Internet Stream Transport (RIST), potentially allowing remote code execution (RCE) at the user’s privilege level, if a the user can be persuaded to run a malicious AVI or MKV video file. Het team van het VideoLAN-project heeft versie 0.7.2 van hun mediaplayer uitgebracht. The first of the criticals, CVE-2019-12874, discovered and documented in detail by Symeon Paraschoudis of Pen Test Partners, is an out-of-bounds write flaw in the FAAD2 MPEG-4 and MPEG-2 AAC decoder library used by VLC 3.0.6 and earlier. Numbering 33 in all, this included two marked critical, 21 mediums and 10 rated low, bringing VLC to 3.0.7.īut perhaps the most interesting part of the story is less the flaws themselves but the process through which they were found. What we know for sure is that the VideoLAN team is working on subtitles and audio quality, and to improve stability.Earlier this month, VideoLAN – the maintainers of the world’s most popular open source media player, VLC – issued the biggest single set of security fixes in the program’s history. These issues and other are being worked out, but there isn’t a time frame for a new update. Streams and playlists aren’t supported. VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols.Audio doesn’t seem to work in all configurations.VLC app for Windows 8 at the current stage is slow.Support for removable storage and DLNA servers.Support multiple-audio tracks sections.Support for the same codecs as the VideoLAN application for the desktop, such as MPEG-1 to H.265, passing through WMV3 and VC-1.Support for all the audio and video file format that is supported in VLC, including OGG, MOV, MKV, FLAC, and MPC. Windows RT isn’t currently supported, but it will soon after VLC is compile for ARM chips.VLC 0.2.0 only works on x86 Intel chips.Developed in 2001 by VideoLAN, it has successfully managed to upgrade and. Today the VideoLan team is announcing the release of the first beta version of VLC media player (Metro-style) app for Windows 8.x, with a Windows RT version that will be available soon.Īccording to one of the developers the VLC media player app still a bit buggy, but it works, and people wanting to try the new app can download it now from the Windows Store. VLC Media Player is the most popular video players across all the platforms. VLC, the popular free media player on Windows - just because it can play pretty much any video and audio file - is finally arriving to the Windows Store.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |