VIDEO SOFTWARE FIRM Videolan has released an update to its VLC player that addresses a major security loophole and a number of other issues.
The company became aware of a heap corruption problem in the media player last week, which could be caused by insufficient buffer size while parsing some MP4 files.
This could potentially be exploited by a third party to execute arbitrary code, which could crash VLC and potentially open the door to installation of malware on a victim's computer.
The bug affects versions 1.0.0 to 1.1.8 of the VLC media player, but the recently released VLC 1.1.9 fixes this loophole. This update follows only two weeks after the previous update to 1.1.8.
A number of other fixes are included in the update, many of which address interface and other issues for Mac OS X. Notification alert monitor Growl is also now bundled with VLC on Macs.
Additionally, the libmodplug plug-in has been updated to improve security on both Windows and Mac OS X. µ
Pity the "check for update" still thinks 1.1.8 is the latest...
I have to put Linux first but vlc is a close second for free software vote.
Most people will never see its full potential and I would hate to be without it.
Oops, I remembered I actually settled on VitalPlayer on Android. RockPlayer -should- be equally good but I can't speak up for it personally. Sorry!
Sometimes when I see that something I think of as a "less mainstream" product (compared to Windows Media Player) is updated, it could be a hack of the web site and malware. Until I read about it in a respectable source. But I didn't get [The Guardian] today so I may make do with you. :-)
I suppose I won't yet see a cure for soundtrack synch trouble when converting Freeview video recordings to MP4 for viewing on Android (Samsung Galaxy Tab), but RockPlayer on the Tab plays the PC files unchanged pretty well.
It's open source non-profit made by volunteers, so it's not a 'firm' actually.