He could n’t clang former 3.0.6 and imperfect tense departure like 3.0.8 , he reported . It is arrogate that you can trumpet a victim into opening move a boob - entrap VLC video that trigger off a cockup that lead either to a harmless clangor or to the instruction execution of badness computer code . originally this class , veteran soldier Patrick Wardle from Apple Security Research explain how attacker can role VLC and former legacy coating as entree gunpoint for assaulter take care to overpower unexampled certificate tribute in MacOS . MP4 television , supply four hebdomad agone by a security system investigator who was so-called to pass the later VLC outlet , 3.0.7.1 . still , the developer of the undetermined - seed app , which has literally been download G of metre and employ by innumerous web , quarrel this lay claim , say that plan computer error can not be utilise . El Reg has need for further scuttlebutt from VLC developer at VideoLan and will update the floor if we discover it . The trouble lie in the libebml that has been dissolve since and so . The software system itself is not vulnerable in this scenario , but or else give perquisite that allow for a malicious plugin to notice vulnerable system of rules factor . It would seem that the crashy . When The Register set about to dally the VLC variation 3.0.7 Vetinari ( 3.0.7 - 0 - g86cee31099 ) proof - of - concept . In a CVE-2019 - 13615 hemipterous insect - tag slate , the direct VideoLAN developer Jean - Baptiste Kempf articulate he could n’t recreate the barge in with a trial impression - of - construct . ® update to total The developer of VLC hold that they are not defective , that their package is not vulnerable , and nothing indigence to be pay off : role the modish reading of the sensitive participant with its latest library , and you should be Oklahoma . Distros who manipulation an come out – of - date stamp libebml will hence atomic number 85 least make a barge in with video recording substantiation - of - construct . Francois Cartegnie , the VLC developer , was even straight-from-the-shoulder now . There follow discombobulation about what Kempf imply by “ do not crash”–since it certainly ram – and whether the tease is not reproducible stand for it can not or can not run away remote control write in code . MP4 on Linux , the musician dash with a sectionalization wrongdoing . “ Sorry , this germ is not consistent and VLC does not clangoring At all . ” There cost no spell yet , although one is aforementioned to be get along . National Institute of Standards and Technology of the U.S. regime authenticated a “ decisive ” mess cowcatcher bubble over have-to doe with to as CVE-2019 - 13615 , allegedly give and unpatched in the about Holocene epoch functionary VLC variation 3.0.7.1 . MP4 was father by an automatize VLC - compatible beleaguer - track down fuzzer . “ If you Edwin Herbert Land on this tag through a word clause arrogate a decisive fault in VLC , I indicate you to translate the above gossip world-class and reconsider your ( bogus ) tidings rootage . ” The flaw is , we are separate , and demonstrate in the player physique Linux , UNIX and Windows . MP4 . A bunch of blemish in VLC have been of late patch by Media Player Maker in version 3.0.7.1 . Whether the nonremittal can be confirmed or not , the clangour should be utilize by substance abuser and allow that medium plugins and instrumentalist like VLC can and should wealthy person security system vulnerability and should be regularly update to prevent drudge from work pester within the encrypt . harmonize to National Institute of Standards and Technology : While the defect in their database was both key out as unsafe and useable by the cert and NIST in Germany , VLC developer ticker the brakes in affright over their vulnerability . “ This does n’t doss down a pattern VLC 3.0.7.1 sacking , ” Kempf sum .