yixia / VitamioBundle

Vitamio for Android
http://www.vitamio.org/en/

Arbitrary code execution caused by Vitamio init function #302

Open giantpune opened 9 years ago

giantpune commented 9 years ago

It was recently disclosed by NowSecure that the Vitamio library contains a serious vulnerability. That blog post has details and PoC code to attack a video player using this library. Between the time when an application calls io.vov.vitamio.initialize and when the app plays a media file, another app can replace the native code and take control of the Vitamio one. The same attack works for all apps using Vitamio to play media files.

Fuzion24 commented 9 years ago

:+1:

MythodeaLoL commented 9 years ago

:+1:

dweinstein commented 9 years ago

:+1: