As far as I understand, you probably don’t need to worry if your threat model does not included state level actors like Cicada or CIA. The exploit requires an access to the computer’s file system. Its not fair that VLC got singled out in this manner, as several other applications which allow DLL side-loading are similarly affected. I am not an cyber-security expert, so take what I say with a pinch of salt. There is a lot of confusion on the topic. The exploit in question seems to be Windows specific, so using VLC on other platforms is not of any particular concern. Do make sure that you download VLC from official sources only.
1 Like