A number of remote code execution bugs were fixed in VLC Media Player
The VideoLAN project has released a new build of the VLC media player that improves its functionality and fixes vulnerabilities that could lead to the execution of malicious code. Among the new features, support for Apple Silicon is especially noteworthy: these are the ARM-64 processors to which Apple has begun moving macOS users.
Almost all of the new vulnerabilities in the player were discovered by NSFocus expert Zhen Zhou. According to the VideoLAN security bulletin, these issues are classified as buffer overflows and invalid pointer dereferences.
In all cases, exploitation is most likely to simply crash VLC, but the developers believe that these vulnerabilities in combination will allow a remote attacker to gain access to user data and even execute their own code with the privileges of the current user.
VideoLAN has no data on the new flaws being used in real attacks. The patches are included in the VLC 3.0.12 update, which users are advised to install.
Source: anti-malware.ru
22 January 2021