Because of security problems: Update the VLC player - now!
The VLC player is apparently vulnerable. A security vulnerability can cause it to crash and execute malware on your device. The good news is that an update is already available.
The popular media player with the orange traffic cone logo is known for its ability to play audio and video files of any format. If the VLC player can't play it, it's broken. But now the software itself is in danger of breaking. The manufacturer explains in its latest security report that VLC has a security vulnerability.
Software crash and malware threat
This is a so-called DoS (Denial of Service) vulnerability. This is based on a so-called heap overflow.
The vulnerability works via the player's streaming function: The security functions in the software can be bypassed via an MMS stream (Microsoft Media Server). To do this, however, you must actively open the corresponding stream. Once this is done, the cybercriminals could crash the VLC player or even execute code on your device - apparently they can also gain access to your rights. Under certain circumstances, it is even possible for user information to be stolen.
Update is here - rollout is gradual
The report from the VLC developers states, however, that it will probably remain a software crash if the vulnerability is exploited. Data Execution Prevention (DEP), among other things, contributes to this. This monitors the system memory and usually closes the software automatically if it causes suspicious behaviour. However, it cannot be ruled out that the DEP can be bypassed.
Source: Florian Bodoky
The VLC developers have already developed corresponding updates. As all versions of the player are affected, VLC recommends downloading version 3.0.21. This will be rolled out continuously and gradually. Before that, you should avoid running MMS streams from unknown sources. To install the update, open the VLC Player, click on "Help" and then on "Check for updates". Under macOS, click on "VLC media player", then on "Check for updates". If the update is not yet available, you can download and install it manually here.
I've been tinkering with digital networks ever since I found out how to activate both telephone channels on the ISDN card for greater bandwidth. As for the analogue variety, I've been doing that since I learned to talk. Though Winterthur is my adoptive home city, my heart still bleeds red and blue.