VLC, the popular multimedia player, was pushed into a controversy after a report submitted by WinFuture stated that the player had security issues. WinFuture in its reports classified the app to be a High Risk (Level 4), hence recommending users to uninstall it from the PCs.
As per the report, WinFuture claims that the vulnerability would allow hackers to alter the codes and breach the user data in the PC. The security agency described the issue to be 'a remote' that would allow hackers to use the flaw to execute arbitrary codes, create a denial of service state, disclose user information or even manipulate PC files. The vulnerability can also allow the scavengers to install, modify or run software applications without administrative authorisations.
The report has further stated that the PCs running Windows, Linux, and UNIX operating systems are most vulnerable to the flaw. The security agency cleared that there were no reported cases of data theft through the flaw but considering the potential of the flaw, the users have to be very careful.
Gizmodo reported that VLC was aware of the issue and was working on a fix. It quoted that the security patch for the flaw was not completed and there was no official statement from the company clarifying how much time was required to complete it.
With a large number of allegations and controversy flooding the internet, VideoLan, the parent company of VLC wronged WinFuture through its official twitter handle. It confirmed that WinFuture's report was based on an older version of the media player which was fixed about 16 months ago.
The company replied to all the pleas to remove VLC media player from the devices quoting, "VLC is not vulnerable". The VLC Twitter handle clarified that the issue was in a third-party library named libebml that was fixed. The Twitter feed added that the versions after 3.0.3 updates did not have any such flaw.
VideoLan in a Twitter thread complained that Mitre Corporation, the American non-profit organisation taking care of federally funded R&D centres, did not inform them about the problem before issuing a CVE (Common Vulnerabilities and Exposures) which was a direct violation of their policies.
Based on these developments and VLC's latest statement, it seems VLC is safe to use and there is no immediate threat to its users. Until of course, there is some development of WinFuture's findings. Stay tuned for updates.