MacOS – Critical VLC media player security flaw. Remove VLC from the Mac

macos security vlc

My brother rang me at work today to say I needed to remove VLC media player from my Mac because of some critical security flaw in the program that allows others to remotely run code on my computer.

Thing is, I use it all the time, so this would be a major deal having to remove it.

My question is:

Do I have to remove it, or can I just quarantine it somehow?

Best Answer

Assuming you have macOS installed on your Mac and you’re talking about the macOS version of VLC, then you do not need to remove VLC at all.

According to CERT-Bund, the highly respected German security agency that discovered this flaw, only VLC versions written for the Linux, UNIX and Windows platforms are prone to injected malicious code.

This issue was first discovered in version 3.0.6 and it is still present in version 3.0.7.1 (see the latest advisory).

As an aside, your question about quarantining VLC would not have applied as it’s not a virus as such. The only fix is to download and install a version of VLC in which the code has been fixed. The VideoLAN organisation is aware of the issue and is currently working on a patch, so hopefully it won't be too long for Linux, UNIX and Windows users of VLC.