Malicious subtitles can be used to fully take over PC - Kodi vulnerable
Media players like Kodi, Popcorn Time and VLC can be used to take control over the computer on which they run through malicious subtitles, security company Check Point states.
Online streaming is booming, and applications such as Kodi, Popcorn Time and VLC have millions of daily users.
Some of these use pirated videos, often in combination with subtitles provided by third-party repositories.
While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users.
Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years.
“By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,” they write. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”
Developers of the applications have already applied fixes or will do so soon.
Senior Member
Posts: 2764
Joined: 2002-11-28
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to see here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentially infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this security gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have begun the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."
Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.
Senior Member
Posts: 9988
Joined: 2004-05-10
What about the other media players mentioned? And what if users don't use auto-update or prefer the particular version they are using? For those who might not be aware it's still useful info.
Senior Member
Posts: 2027
Joined: 2010-05-26
VLC has released a new version to address this very issue, not sure about all the others since I only use VLC.
Senior Member
Posts: 3977
Joined: 2003-11-15
Anyone know if MPC is affected?
Member
Posts: 48
Joined: 2010-05-27
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to see here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentially infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this security gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have begun the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."