VLC 3.0.12 fixes multiple security vulnerabilities

VLC player launched a new version to support Apple M1, which is a new version developed based on the ARM64 architecture so that Apple M1 users can get the best performance.

If Apple M1 users have already installed VLC for the macOS version, they only need to click Check for updates. After checking for updates, VLC will automatically download and replace it with the M1 special edition.

It is worth noting that VLC v3.0.12 also updates other platform versions. In addition to fixing various known errors, this update also fixes multiple critical security vulnerabilities.

These vulnerabilities were discovered and submitted by NSFOCUS security researcher Zhen Zhou. According to VideoLan’s security bulletin, “If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user. While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.”

VideoLAN expressed its gratitude to the security researchers for their work. For now, there is no evidence that the vulnerability has been exploited in the wild, so please rest assured.