Security Advisory – CVE-2018-19937

Product: VLC for Mobile iOS
Vendor: VideoLAN/Open Source Software
Version: 3.1.4 and below
Category: Permissions, Privileges, and Access Control (CWE-264)
Vendor Notified: 2018-11-26 11:00 PM
Patched: 2018-12-21
Disclosed: 2019-01-01
Researcher(s): Christian Angel
CVE: 2018-19937

Summary

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

Solution

Update the application to the latest version.

References

https://apps.apple.com/ms/app/vlc-for-mobile/id650377962
https://github.com/videolan/vlc-ios/pull/178/commits/d84d7c0a94eb7fba202d2c5fc3739276d2d3986f