You are here

HomeJohn Lister › iPhones, VLC Player Both At Risk

iPhones, VLC Player Both At Risk

John Lister's picture
by John Lister on August, 22 2019 at 09:08AM EDT

Users of both Apple devices and the VLC media player should watch out for potentially serious security bugs. The former is a particular embarrassment for Apple.

It turns out the company fixed a security bug in iOS 12.3 in April, then accidentally removed the fix in iOS 12.4, which it released last month. It now plans to fix it imminently in an emergency update to be titled iOS 12.4.1.

The bug is very serious as it potentially allows a rogue app to "execute arbitrary code with system privileges." That effectively means malware could have complete control over an iOS device, something that's normally almost impossible given how locked down Apple keeps its devices.

Extra Care Needed With App Downloads

Users need to take two particular steps to minimize risk until the fix is issued.

Firstly, they should be more wary than usual about downloading and installing unfamiliar apps in case they've got past Apple's vetting process. It's a situation where there is a low risk, but with a high potential damage. In particular, users should watch out for apps that pose as legitimate, well-known apps as a way to trick people into downloading.

Secondly, users should resist the temptation to follow any online instructions for "jailbreaking" the phone, which means accessing the operating system beyond normal limits and running unapproved apps. Right now, such instructions could leave the device vulnerable to the attack. (Source: theguardian.com)

Media Player Bug Could Risk Hacking

Meanwhile users of the popular VLC media player need to apply the latest update (to version 3.08) before watching any videos. It fixes 13 bugs, all of which could be triggered by opening a "booby-trapped" file in common formats such as WMV and MP4. Some of the bugs could also be triggered through browser plugins.

The most likely effect of any attempts to exploit the bugs would simply be crashing the video player. However, makers VideoLan say they can't rule out more serious exploits such as accessing sensitive data on a computer or remotely executing code. (Source: theregister.co.uk)

What's Your Opinion?

Should Apple contact users directly to warn about such problems? Have you ever been tempted to "jailbreak" a phone? Do you worry about security risks from applications such as video players on your computer?

Filed under:
Security
| Tags:
media player
,
ios
,
bugs
,
apps
,
apple
,
vlc
Rate this article: 
Average: 5 (9 votes)

Comments

ehowland's picture

Submitted by ehowland on Sun, 08/25/2019 - 11:18

Although I do not use an Apple phone (android) I typically keep one to guide clients if needed. Right now I have a fully functional iPhone 6S. It says iOS 12.4 and claims it is up to date and DOES NOT offer me 12.4.1 as an update. Any idea when this is to be released?

Also a clarification please was it VLC on any device (PC, Mac, Apple iphone, Android phone) or was VLC player only a problem on an iPhone?

ehowland's picture

Submitted by ehowland on Tue, 08/27/2019 - 00:27

About 6 minutes to download and about the same to apply to my test iPhone6S

Need Help? Ask!



My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).

We are BBB Accredited

We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.