REGISTER FOR THE WEBINAR
cover
27 August 2019 Tuesday

9.8 CVSS on an App Downloaded 3B+ Times?

By Michael Assraf
0 Comments

In July 2019, a severe vulnerability was found in VLC, an extremely popular media player, used to playback different types of videos on computers and mobile phones. VLC boasts impressive total downloads of over 3 billion, and the vulnerability has a highly critical CVE score of 9.8, making this one of the most dangerous and substantial cyber threats to date.

 

 

What This Vulnerability Means For Us

The memory-corruption flaw is known to reside in the software’s latest release, but may also be present in its earlier versions. It affects the program’s Windows, Linux, and UNIX versions. VLC is open-source software under the GPL2 license, which means that this vulnerability might affect countless other programs that utilize its media-playback engine.

It allows attackers to not only execute code remotely but also allows for:

  • Unauthorized disclosure of information
  • Unauthorized modification of files
  • Disruption of service

What This Means For CISOs

VideoLAN has confirmed that they have started working on the fix, but there is currently no estimation on when it might be completed. The general advice, at this point, is to refrain from using VLC altogether, which puts CISOs under tremendous pressure to secure their corporate networks. Ideally, CISOs should have been able to identify the threat ahead of time and resolve the issue without the need for patching at all.

What It Could Have Meant With Vicarius
Quite simply, this all could’ve been mitigated using Vicarius’ TOPIA platform -- an advanced AI-driven algorithm, which would have predicted the vulnerability, even before it had become common knowledge, giving CISOs a huge advantage by staying ahead of the curve. TOPIA is the world’s first platform that is capable of proactively analyzing 3rd-party binary files and alert on potential vulnerabilities and threats in real-time.

Had Vicarius been used in this instance, the TOPIA platform would have marked the vulnerability as highly critical due to the way the program utilized system resources. There was no need for source code or cooperation by VideoLAN, the software vendor. Thanks to Vicarius’ TOPIA, and even without patching, the target network would've still been secured, and billions of dollars in anticipated spend operations, logistics, deployment and R&D could’ve been avoided.

Written by Michael Assraf

CEO @ Vicarius

Leave a Reply

    Categories

    See all

    Related Post

    CISAnalysis - June 20, 2022

    It’s Monday and time to take a gander at CISA’s Known Exploited Vulnerabilities Catalog.

    By Kent Weigle

    Can Old Vulnerabilities Learn New Tricks?

    The public’s favorite government agency, CISA (not the CIA) has recently added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, the living, breathing, exponentially growing list of vulnerabilities that have seen active exploitation in the wild.

    By Evan Kling
    In: #patching

    Nmap Advanced Uses Pt.3: Firewall Evasion

    Intro

    Today, firewalls are an essential part of almost every IT infrastructure and are being deployed in a myriad of shapes and forms. They usually focus on layers 3 and 4 of the OSI Model (occasionally layer 2). Next-generation Firewalls (NGFW) can also cover layers 5, 6, and 7. With more layers covered, we gain more control, but also spend more computing power.

    By Nikola Kundacina

    Strong Cyber Hygiene is only One Click Away

    Want to take TOPIA for a free ride? Schedule A Meeting with our 🐺team!

    Let us know what would like to see 😀
    REGISTER FOR THE WEBINAR
    16
    Vicarius analyzes, prioritizes and even acts against software exploitation in real-time across your organization's digital landscape.

    Blog

    Website

    Contact us

    info@vicarius.io
    1-605-593-5454
    Copyright © 2024 Vicarius LTD. All Rights Reserved.