ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review
MSI Radeon RX 6900 XT GAMING X TRIO review
Guru3D Q1 Winter 20/21 PC Buyer Guide
AOC CU34G2X monitor review
Malicious subtitles can be used to fully take over PC Kodi vulnerable
Media players like Kodi, Popcorn Time and VLC can be used to take control over the computer on which they run through malcious subtitles, security company Check Point states.
Online streaming is booming, and applications such as Kodi, Popcorn Time and VLC have millions of daily users.
Some of these use pirated videos, often in combination with subtitles provided by third-party repositories.
While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users.
Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years.
By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,” they write. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”
Developers of the applications have already applied fixes or will do so soon.
jbmcmillan
Senior Member
Posts: 2764
Joined: 2002-11-28
Senior Member
Posts: 2764
Joined: 2002-11-28
#5435254 Posted on: 05/24/2017 10:20 AM
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."
Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."
Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.
alanm
Senior Member
Posts: 9988
Joined: 2004-05-10
Senior Member
Posts: 9988
Joined: 2004-05-10
#5435261 Posted on: 05/24/2017 11:07 AM
What about the other media players mentioned? And what if users dont use auto-update or prefer the particular version they are using? For those who might not be aware its still useful info.
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it....
What about the other media players mentioned? And what if users dont use auto-update or prefer the particular version they are using? For those who might not be aware its still useful info.
Reddoguk
Senior Member
Posts: 2027
Joined: 2010-05-26
Senior Member
Posts: 2027
Joined: 2010-05-26
#5435425 Posted on: 05/24/2017 06:21 PM
VLC has released a new version to address this very issue, not sure about all the others since i only use VLC.
VLC has released a new version to address this very issue, not sure about all the others since i only use VLC.
Amaze
Senior Member
Posts: 3977
Joined: 2003-11-15
Senior Member
Posts: 3977
Joined: 2003-11-15
#5435432 Posted on: 05/24/2017 06:30 PM
Anyone know if MPC is affected?
Anyone know if MPC is affected?
Click here to post a comment for this news story on the message forum.
Member
Posts: 48
Joined: 2010-05-27
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."