“Users should be less concerned if the application they're using is from a Linux distributor, because they have patches available. But with third-party vendors, users might not know about the problem until they read about it.”
“Three of the vulnerabilities can launch malicious code that allows an attacker to snoop on users. The other vulnerability is a DOS attack that will only work in a few cases and crash the media player when it tries to open a file.”
“An attacker could use the exploit to run any code they want to on a person's system. It could be they want to launch some really nasty code on a user's system.”
“I don't think many software vendors would be willing to run the risk of deliberately placing a back door in their software. The benefits compared to the huge risk of disclosure simply aren't worth it.”
“Vendors can take months to create patches, and sometimes users grumble about that, ... But the alternative is to have patches that can be circumvented or aren't appropriate for the vulnerability. It's a difficult balance.”
“Vendors can take months to create patches, and sometimes users grumble about that. But the alternative is to have patches that can be circumvented or aren't appropriate for the vulnerability. It's a difficult balance.”
