Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review
MSI Radeon RX 6900 XT GAMING X TRIO review
Guru3D Q1 Winter 20/21 PC Buyer Guide
AOC CU34G2X monitor review

New Downloads
GeForce 461.72 WHQL driver download
AIDA64 Download Version 6.32.5640 beta
CrystalDiskInfo 8.11.2 Download
AMD Radeon Adrenalin Edition 21.2.3 driver download
GPU-Z Download v2.37.0
Intel HD graphics Driver Download Version: DCH27.20.100.9313
HWiNFO Download v6.43 - 4380 Beta
AMD Radeon Adrenalin Edition 21.2.2 driver download
3DMark Download v2.17.7137 + Time Spy
PCMark 10 Download v.2.1.2508


New Forum Topics
GeForce 461.72 WHQL driver download Review: MSI GeForce RTX 3060 Gaming X TRIO Razer offrers Kiyo Pro webcam at 200 USD GeForce 461.72 WHQL drivers: download & discussion RDNA2 RX6000 Series Owners Thread, Tests, Mods, BIOS & Tweaks ! Review: Sabrent Rocket 4 PLUS 2TB NVMe SSD (breaching that 7 GB/sec) AMD is investigating USB problems with 500 series chipsets AMD to announce Radeon RX 6700 Series upcoming March 3rd Any way to "Half-Refresh V-Sync" with AMD GPUs? Thanks! Cyberpunk 2077 postpones biggest patch v1.2




Guru3D.com » News » Malicious subtitles can be used to fully take over PC Kodi vulnerable

Malicious subtitles can be used to fully take over PC Kodi vulnerable

by Hilbert Hagedoorn on: 05/24/2017 07:08 AM | source: | 10 comment(s)
Malicious subtitles can be used to fully take over PC Kodi vulnerable

Media players like Kodi, Popcorn Time and VLC can be used to take control over the computer on which they run through malcious subtitles, security company Check Point states. 

Online streaming is booming, and applications such as Kodi, Popcorn Time and VLC have millions of daily users.

Some of these use pirated videos, often in combination with subtitles provided by third-party repositories.

While most subtitle makers do no harm, it appears that those with malicious intent can exploit these popular streaming applications to penetrate the devices and systems of these users.

Researchers from Check Point, who uncovered the problem, describe the subtitle ‘attack vector’ as the most widespread, easily accessed and zero-resistance vulnerability that has been reported in recent years. 

By conducting attacks through subtitles, hackers can take complete control over any device running them. From this point on, the attacker can do whatever he wants with the victim’s machine, whether it is a PC, a smart TV, or a mobile device,” they write. “The potential damage the attacker can inflict is endless, ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”

Developers of the applications have already applied fixes or will do so soon.
 







« Female soldiers coming to Battlefield 1 · Malicious subtitles can be used to fully take over PC Kodi vulnerable · Micosoft Announcing the new Surface Pro »

2 pages 1 2


spex_2
Member



Posts: 48
Joined: 2010-05-27

#5435251 Posted on: 05/24/2017 10:15 AM
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.

"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."

jbmcmillan
Senior Member



Posts: 2764
Joined: 2002-11-28

#5435254 Posted on: 05/24/2017 10:20 AM
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it.

"You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to less us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms."

Perhaps you didn't read this part "Developers of the applications have already applied fixes or will do so soon." This was referring to all affected applications not just Kodi that you're mentioning.

alanm
Senior Member



Posts: 9988
Joined: 2004-05-10

#5435261 Posted on: 05/24/2017 11:07 AM
this news is already obsolete with the new kodi version 17.2 https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release . nothing to sse here, just click baiting or poor news writing. maybe, next time you put more effort into the news and tell the users which version is affected and which fixes it....

What about the other media players mentioned? And what if users dont use auto-update or prefer the particular version they are using? For those who might not be aware its still useful info.

Reddoguk
Senior Member



Posts: 2027
Joined: 2010-05-26

#5435425 Posted on: 05/24/2017 06:21 PM
VLC has released a new version to address this very issue, not sure about all the others since i only use VLC.

Amaze
Senior Member



Posts: 3977
Joined: 2003-11-15

#5435432 Posted on: 05/24/2017 06:30 PM
Anyone know if MPC is affected?

2 pages 1 2


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021