fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

VLC Media Player 3.0.12 Fixes Multiple Remote Code Execution Flaws

VLC Media Player 3.0.12 Fixes Multiple Remote Code Execution Flaws

VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes.

This release is a significant upgrade for Mac users as it provides native support for Apple Silicon and fixes audio distortion in macOS.

In addition to bug fixes and improvements, this release also fixes numerous security vulnerabilities reported by Zhen Zhou of the NSFOCUS Security Team.

These buffer overflow or invalid dereference vulnerabilities “could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user.”

According to VideoLan’s security bulletin, a remote user can exploit this vulnerability by creating specially crafted media files and tricking a user into opening them with VLC.

While VideoLan states that this vulnerability will likely crash VLC Media Player, they warn that attackers could use it to leak information or remotely execute commands on the device.

Also Read: 10 Practical Benefits of Managed IT Services

If successful, a malicious third party could trigger either a crash of VLC or an arbitratry code execution with the privileges of the target user.

While these issues in themselves are most likely to just crash the player, we can’t exclude that they could be combined to leak user informations or remotely execute code. ASLR and DEP help reduce the likelyness of code execution, but may be bypassed.

VideoLan states that they have not seen exploits abusing these vulnerabilities in the wild.

Due to the severity of this vulnerability and to benefit from VLC 3.0.12’s improvements, it is strongly advised that all users download and install version 3.0.12.

You can read the full changelog for version 3.0.12 below:

Access:
 * Add new RIST access module compliant with simple profile (VSF_TR-06-1)

Access Output:
 * Add new RIST access output module compliant with simple profile (VSF_TR-06-1)

Demux:
 * Fixed adaptive's handling of resolution settings
 * Improve Bluray tracks support
 * Improve WMV seeking and DASH support
 * Fix crashes in AVI, MKV modules

Audio output:
 * Fix audio distortion on macOS during start of playback

Video Output:
 * Direct3D11: Fix some potential crashes when using video filters

macOS:
 * Add native support for Apple Silicon / ARM-64
 * Visual UI adaptations for macOS Big Sur
 * Fix displaying EQ bands in the UI depending on which frequency
   presets are set for the EQ in advanced preferences
 * Fix UI issues in bookmarks window

Misc:
 * Several fixes in the web interface, including privacy and security
   improvements
 * Update YouTube and Vocaroo scripts
 * Fix rotation filter mouse handling
 * Update translations

Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us