Dec 23, 2019
In July 2019, a severe vulnerability was found in VLC, an extremely popular media player used to play back many video formats on computers and mobile phones. VLC boasts impressive total downloads of over 3 billion, and the vulnerability has a highly critical CVSS score of 9.8, making this one of the most dangerous and substantial cyber threats to date.
The memory-corruption flaw is known to reside in the software's latest release, but may also be present in earlier versions. It affects the program's Windows, Linux, and UNIX versions. VLC is open-source software under the GPL2 license, which means that this vulnerability might also affect countless other programs that use its media-playback engine.
It allows attackers not only to execute code remotely but also to:
VideoLAN has confirmed that they have started working on a fix, but there is currently no estimate of when it might be completed. The general advice, at this point, is to refrain from using VLC altogether, which puts CISOs under tremendous pressure to secure their corporate networks. Ideally, CISOs should have been able to identify the threat ahead of time and resolve the issue without the need for patching at all.
What It Could Have Meant With Vicarius
Quite simply, this all could have been mitigated using Vicarius' TOPIA platform, an advanced AI-driven algorithm that would have predicted the vulnerability even before it became common knowledge, giving CISOs a huge advantage by staying ahead of the curve. TOPIA is the world's first platform capable of proactively analyzing third-party binary files and alerting on potential vulnerabilities and threats in real time.
Had Vicarius been used in this instance, the TOPIA platform would have marked the vulnerability as highly critical due to the way the program used system resources. There was no need for source code or cooperation from VideoLAN, the software vendor. Thanks to Vicarius' TOPIA, and even without patching, the target network would still have been secured, and billions of dollars in anticipated spend on operations, logistics, deployment, and R&D could have been avoided.