Breaking News
Home / Science & Technology / Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

What’s worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check Point Software Technologies have uncovered a flaw in a handful of media players (including VLC, Kodi, Stremio, and PopcornTime) that allows hackers to run executable code through subtitle files.

 

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

Check Point did not reveal details about how the vulnerability works, to protect users and allow developers to fix the issue. Essentially, hackers can create malicious subtitle files containing executable code, which runs when the file is loaded. Check out the above image of the vulnerability in action on PopcornTime:

 

The real problem is that some media players, either by default or through optional plugins, can automatically download subtitles for whatever you are watching. Researchers were able to prove that by uploading a malicious subtitle file to OpenSubtitles.org, and manipulating the site’s ranking algorithm, they could guarantee the infected file would be automatically downloaded by the media player.

VLC, Kodi, and Stremio have fixed the vulnerability (with an unofficial build of PopcornTime available with the fix). However, VLC for Android doesn’t seem to be patched, as it was last updated on the Play Store in August. Thankfully, Kodi for Android has been fixed, and the updated version is available right now on the Play Store.

Your ads will be inserted here by

Easy Plugin for AdSense.

Please go to the plugin admin page to
Paste your ad code OR
Suppress this ad slot.

About admin

Check Also

Tech News: itel Mobile launches latest selfie Smartphone

itel Mobile launches latest selfie Smartphone …Equipped with dual selfie camera, fingerprint scanner Africa’s number …

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!
%d bloggers like this:
Skip to toolbar