Malicious Subtitles Enable Hackers to Gain Hold over Users’ Devices

Security researchers of late found an astonishing new method by which cyber-criminals acquire hold over users' devices. This is malicious subtitles. Any kind of device can be affected with the vulnerability such as a computer, smart-phone or Mac.

The vulnerability, which Check Point has revealed, affects media players, most prominently, Stremio, Popcorn Time, Kodi (XBMC) and VLC. Following the revelation, updated players can currently be obtained. VLC especially has an extremely large number of takers and the media player is open-source which contain more than 170m downloads suitable for Windows alone. There is a wide use of media players within smart televisions as well as media devices of other kinds. Check Point has estimated that there are 200m affected devices.

The assault gets the susceptible media player to install one subtitle that is taken from some intermediate source for providing the user certain language translation. Media players treat subtitles to be trusted source that mostly come as text files only, that anti-viruses and other ordinary security tools overlook. Eweek.com posted this on the Internet dated May 23, 2017.

As of now, it's extremely important that application developers of media players remedy the vulnerability at the earliest. Anybody utilizing intermediate software for exhibiting subtitles must ensure they have up to date client for their video players. Also, taking down subtitles from intermediate caches must necessarily be avoided as of now. However, if end-users stream content lawfully then they won't be impacted with the said problem.

Currently, clues are nil regarding active use of the described attack vector. However, with the possibility now revealed, it will probably be soon when the con artists determine the details followed with beginning to use it. According to Check Point, while fixes for the vulnerability within prominent media players as those mentioned above are available, in the case of Kodi, while its source code is remedied, there is no runtime version obtainable still now.

Check Point anticipates other apps to be impacted as well. And while the security firm doesn't reveal any technical aspects right now, it doesn't also tell which apps effectively fixed the vulnerability.

» SPAMfighter News - 5/31/2017