Update Your Media Players

Site FAQs, calendar of festivals and other helpful tools.
User avatar
Rick Lanham
Posts: 2071
Joined: Wed Feb 25, 2009 10:16 pm
Location: Gainesville, FL

Update Your Media Players

Unread post by Rick Lanham » Fri May 26, 2017 8:05 am

Subtitle files used by media players have been regarded as trusted files, since they are simply text. But researchers have discovered that this is a weak point, security-wise, for computer systems. You may need to update your media player:

http://blog.checkpoint.com/2017/05/23/h ... anslation/" target="_blank
"Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years…"
https://nakedsecurity.sophos.com/2017/0 ... ia-player/" target="_blank
"Let’s untangle the good from the bad. The fact researchers discovered the issue before attackers exploited it is a thumbs-up. It’s also positive that it’s been disclosed and patched on all four players cited:

VLC: fixed and available to download.

Kodi: fixed and available for download.

Stremio: fixed and available to download.

Popcorn Time: fixed and available to download manually.

Now for a less positive view. First, if your favourite media player isn’t one mentioned above, don’t assume it’s not affected. Say the researchers:"

“The past is never dead. It's not even past” - Faulkner.

Post Reply