be quiet! Dark Rock TF2 review
Basemark GPU v1.2 benchmarks with 36 GPUs
Corsair MP600 Pro XT PCIe 4.0 M.2 NVMe review
Teamgroup MP34Q 2TB NVMe SSD review
Lian Li SP750 (750W PSU) review
Teamgroup Cardea Z44Q 4TB NVMe SSD review
Asus ROG Swift PG32UQX monitor review
Plextor M10P 2TB NVMe PCIe 4.0 SSD review
ASRock RX 6600 XT Phantom Gaming D 8GB OC review
G.Skill TridentZ Royal Elite DDR4 3600 MHz CL14 review
Malicious subtitles can be used to fully take over PC Kodi vulnerable
Media players like Kodi, Popcorn Time and VLC can be used to take control over the computer on which they run through malcious subtitles, security company Check Point states.
Online streaming is booming, and applications such as Kodi, Popcorn Time and VLC have millions of daily users.
Some of these use pirated videos, often in combination with subtitles provided by third-party repositories.
While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users.
Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years.
By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,” they write. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”
Developers of the applications have already applied fixes or will do so soon.
jbmcmillan
Senior Member
Posts: 2764
Joined: 2002-11-28
Senior Member
Posts: 2764
Joined: 2002-11-28
#5435254 Posted on: 05/24/2017 11:20 AM
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."
Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."
Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.
alanm
Senior Member
Posts: 10483
Joined: 2004-05-10
Senior Member
Posts: 10483
Joined: 2004-05-10
#5435261 Posted on: 05/24/2017 12:07 PM
What about the other media players mentioned? And what if users dont use auto-update or prefer the particular version they are using? For those who might not be aware its still useful info.
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it....
What about the other media players mentioned? And what if users dont use auto-update or prefer the particular version they are using? For those who might not be aware its still useful info.
Reddoguk
Senior Member
Posts: 2189
Joined: 2010-05-26
Senior Member
Posts: 2189
Joined: 2010-05-26
#5435425 Posted on: 05/24/2017 07:21 PM
VLC has released a new version to address this very issue, not sure about all the others since i only use VLC.
VLC has released a new version to address this very issue, not sure about all the others since i only use VLC.
Amaze
Senior Member
Posts: 3979
Joined: 2003-11-15
Senior Member
Posts: 3979
Joined: 2003-11-15
#5435432 Posted on: 05/24/2017 07:30 PM
Anyone know if MPC is affected?
Anyone know if MPC is affected?
Click here to post a comment for this news story on the message forum.
Member
Posts: 48
Joined: 2010-05-27
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.
"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."