VLC Media Player Exploit Found - Software Update Released

FOR IMMEDIATE RELEASE
(Free-Press-Release.com) September 30, 2010 -- The folks at VideoLAN have rolled out an important update to the 1.1.x branch of VLC for Mac OS X, addressing security issues on the PowerPC side. Mac OS X fans wielding a PPC mac are being told that VLC Player 1.1.4.1 is “recommended” software update.

“VideoLAN and the VLC development team are happy to present VLC 1.1.4.1, a fourth bugfix release of the VLC 1.1.x branch,” the developers note.

“This release does only target PowerPC-based Macs. It is the first release of this branch for this platform and includes all the features, improvements and bug-fixes you have been waiting for,” the code-savvy team at VLC adds.

“This is a security update, so we recommend all users to update to this new version (CVE-2010-2937 / VideoLAN-SA-1004),” the announcement ends. On the VideoLAN site, the bug (which was discovered way back in August) is described as follows:

“Due to the DLL loading design on Windows, VLC loads automatically a DLL from the current directory, if it doesn't find it in VLC's application directory or in system directories. A few modules of VLC are affected (only Qt4 and DMO are known at the moment).”

“If successful, the exploit can execute arbitrary code within the context of VLC media player,” the advisory reveals. At the time, Microsoft published workarounds to keep Windows users on the safe side. The patch for Mac users has arrived only now, in VLC Player 1.1.4.1. A general workaround, before this version was available - The user should refrain from opening files from untrusted third parties or accessing untrusted remote sites (network shares, USB keys), until the patch is applied.


VLC Media Player
For more info visit: http://www.downloadvlcplayer.net/

download vlc     vlc     vlc download     VLC Media Player     vlc player