Dec 23, 2019
In July 2019, a severe vulnerability was found in VLC, an extremely popular media player used to play back many types of video on computers and mobile phones. VLC boasts an impressive total of over 3 billion downloads, and the vulnerability carries a highly critical CVSS score of 9.8, making it one of the most dangerous and substantial cyber threats to date.
The memory-corruption flaw is known to reside in the software’s latest release, but may also be present in its earlier versions. It affects the program’s Windows, Linux, and UNIX versions. VLC is open-source software under the GPL2 license, which means that this vulnerability might affect countless other programs that utilize its media-playback engine.
It not only allows attackers to execute code remotely but also allows for:
VideoLAN has confirmed that it has started working on a fix, but there is currently no estimate of when it will be completed. The general advice at this point is to refrain from using VLC altogether, which puts CISOs under tremendous pressure to secure their corporate networks. Ideally, CISOs should have been able to identify the threat ahead of time and resolve the issue without needing to patch at all.
What It Could Have Meant With Vicarius
Quite simply, this all could have been mitigated using Vicarius' TOPIA platform -- an advanced AI-driven algorithm that would have predicted the vulnerability even before it became common knowledge, giving CISOs a huge advantage by staying ahead of the curve. TOPIA is the world's first platform capable of proactively analyzing third-party binary files and alerting on potential vulnerabilities and threats in real time.
Had Vicarius been used in this instance, the TOPIA platform would have marked the vulnerability as highly critical due to the way the program utilized system resources. There was no need for source code or cooperation from VideoLAN, the software vendor. Thanks to Vicarius' TOPIA, and even without patching, the target network would still have been secured, and billions of dollars in anticipated spend on operations, logistics, deployment and R&D could have been avoided.