Security Advisory – CVE-2018-19937

Product: VLC for Mobile IOSVendor: VideoLAN/Open Source SoftwareVersion: 3.1.4 BelowCategory: Permissions, Privileges, and Access Control (CWE-264)Vendor Notified: 2018-11-26 11:00 PMPatched: 2018-12-21Disclosed: 2019-01-01Researcher(s): Christian AngelCVE: 2018-19937 Summary A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. Solution Update the application to the latest version References reading Security Advisory – CVE-2018-19937