Not all of the “hackers” who send VideoLAN news of security weaknesses are helpful either: What about you give money to VLC instead of random hackers?

Interestingly, Kempf admits he’s not a fan of bug bounties on the basis that they incentivise researchers to find flaws but not the fixes for the flaws.

However, according to Kempf, the number of fixes this time was directly connected to the bug bounty sponsorship offered under the EU-FOSSA 2 program, which rewards hackers for finding critical flaws in open source software used by EU institutions.

By the standards of proprietary programs, this is pretty modest – only $220,000 had been scheduled for payment via the Intigriti/Deloitte and HackerOne platforms as of April 2019 – but this is still a step up for open source reporting, which normally relies on researchers looking for kudos alone.

But providing fixes for open source flaws doesn’t solve the question of who will create the fix, which is why EU-FOSSA 2 offers a 20% bonus to researchers who take the time to do that.

The number of vulnerabilities serves as a reminder of the complexity of media players, which must support numerous file formats, codecs, and text renderers, any one of which can open security holes.

The mediums, meanwhile, are described by VideoLAN’s Jean-Baptiste Kempf as “mostly out-of-band reads, heap overflows, NULL-dereference and use-after-free security issues,” which could crash VLC.

The second is CVE-2019-5439, a stack buffer overflow in version 4.0.0 beta’s Reliable Internet Stream Transport (RIST), potentially allowing remote code execution (RCE) at the user’s privilege level, if the user can be persuaded to run a malicious AVI or MKV video file.

The first of the criticals, CVE-2019-12874, discovered and documented in detail by Symeon Paraschoudis of Pen Test Partners, is an out-of-bounds write flaw in the FAAD2 MPEG-4 and MPEG-2 AAC decoder library used by VLC 3.0.6 and earlier.
Numbering 33 in all, this included two marked critical, 21 mediums and 10 rated low, bringing VLC to 3.0.7.

But perhaps the most interesting part of the story is less the flaws themselves but the process through which they were found.

If you're looking for a simple and complete player for Android, downloading the VLC APK is one of the best options.

Earlier this month, VideoLAN – the maintainers of the world’s most popular open source media player, VLC – issued the biggest single set of security fixes in the program’s history.

You can also deactivate it if you want greater stability or have problems playing any particular content. For example, you can enable hardware acceleration so that the videos you play consume less battery power. You can also speed up the playback of the content.

Finally, you find advanced features you can turn on or off. Other useful features of the app include audio-only playback with the screen turned off or playback in PiP mode, with a small window always displayed on the screen, even if you switch apps. If these are not integrated, you can download them directly from the Internet, where the app uses the name of the content to search for matching subtitles. By swiping at the bottom, you can move the content you are viewing forward or backward in time.

During playback, you can choose the audio or subtitle language. If you tap twice on either side, the video will jump 10 seconds. When playing, you can swipe up on the left to increase the brightness or on the right to increase the volume. In the player, you find a host of options available to make watching content more comfortable. You can choose between dark or light modes at the interface level or opt for the automatic change depending on the system option. You can also use the integrated file explorer to go directly to a folder to play the content. When opening the app, the contents are sorted by video or audio.
It is open-source and includes all the necessary codecs to play all types of videos and songs. VLC is one of Android's most widely used media player apps.