Check Point researchers published a warning on the company blog about a vulnerability affecting several video players. They discovered that VLC, Kodi (XBMC), Popcorn-Time and strem.io are all vulnerable to attack via malicious subtitle files. By carefully crafting a subtitle file, they claim to have managed to take complete control over any type of device using the affected players when they try to load a video and the respective subtitles.
According to the researchers, things look quite grim:
"We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, quickly accessed and zero-resistance vulnerability reported in recent years. (…) Each of the media players discovered to be vulnerable to date has millions of users, and we believe other media players might be vulnerable to similar attacks as well."
One of the reasons you may want to make sure your software is up to date is that some media players download subtitles automatically from several shared online repositories. An attacker, as the researchers proved, could manipulate the website's ranking algorithm and not only entice more unsuspecting users to manually download his subtitles, but also guarantee that his crafted malicious subtitles would be the ones automatically downloaded by the media players.
No additional details have been disclosed yet about how each video player is affected, although the researchers did share the details with each of the software developers so they can fix the issue. They reported that some of the issues are already fixed in the current versions, while others are still being investigated. It may be a good idea to watch closely and update your system before the details come out.
Meanwhile, we can look at the trailer: