VLC is merely common enough that maybe it's easier to target, doesn't mean they don't have 20 other options besides this seeing as they already have the ability to write to your local filesystem. If someone already has another exploit that allows them to write to my disk, how am I not already screwed? Someone tell me why this is really really relevant. So it's not VLC itself that is exploited, it's simply using an already installed version of VLC as an escallation of privilege, so that if they have filesystem access they can get user runtime access.Ĭan browsers tell if someone sideloaded an extension directly via disk edits prior to their startup? Aren't there always a bajillion other windows escallation of privilege exploits that are never patched with much rush? It makes for a grim reminder to keep your software updated. Oh ffs, here is the appropriate quote from a relevant article:Įven then, it's not actually VLC that's at fault BleepingComputer says that when deploying the exploit, the hackers used security holes in other software, like unpatched versions of Microsoft Exchange.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |