VideoLan has released VLC Media Player 3.0.14 to fix an issue affecting Window users and causing the software's auto-updater not to launch the new version's installer automatically.
"VLC users on Windows might encounter issues when trying to auto update VLC from version 3.0.12 and 3.0.13," VideoLan explained. "We are publishing version 3.0.14 to address this problem for future updates."
This issue is caused by a bug introduced in the automatic updater code of VLC 3.0.12 and fixed with the release of VLC 3.0.14.
Because of this bug, VLC updates are downloaded to the users' computers, verified for integrity, but will not be installed as the auto-updater fails to launch the VLC 3.0.14 installer.
When trying to update to the latest version, you will get a prompt explaining that the auto-update system is broken.
"The upgrade you are doing will not launch the installer, because of a bug from our team. We are extremely sorry about that," the VLC 3.0.14 update prompt reads.
"You will need to manually launch from your temp folder after the download. This upgrade fixes security issues in the updater and in the application. Please update."
How to manually update to VLC 3.0.14
To update your VLC installation to the latest released version, you will need to download the 3.0.14 installer from VLC's download page and install it manually.
Once downloaded on your hard drive, you have to double-click the VLC installer and launch the guided installation process. Step-by-step instructions are also available here.
Users who have already tried updating VLC and downloaded the installer can find it in their Temporary files folder in File Explorer. To find the folder, you have to enter %TEMP% as the location.
VideoLan has also addressed multiple remote code execution vulnerabilities in VLC Media Player 3.0.12 that could be used to "trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user."
Remote attackers can exploit these security flaws by creating specially crafted media files and tricking the targeted users into opening them with VLC.
If you are running VLC 3.0.11 or earlier, you should immediately update to VLC 3.0.14 for Windows or VLC 3.0.13 on macOS and Linux, the latest released versions that include patches for these severe security issues.
Luckily, VLC versions up to and including 3.0.11 do not include the auto-update breaking bug, so they can easily be upgraded to a patched release using the app's built-in automatic update system.
Comments
wjlesaulnier - 2 years ago
This is bad- did they not even alpha test the update on Windows? A pop-up with big red letters telling you to do something is exactly how malware gets on computers. There is no way on earth I'd follow instructions in such a pop up. I'm going to delete VLC and download the latest version from their website. If this happens again, I'm going to delete VLC permanently and find an alternative.