Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Malicious Subtitles Enable Hackers to Gain Hold over Users’ Devices


Security researchers of late found an astonishing new method by which cyber-criminals acquire hold over users' devices. This is malicious subtitles. Any kind of device can be affected with the vulnerability such as a computer, smart-phone or Mac.


The vulnerability, which Check Point has revealed, affects media players, most prominently, Stremio, Popcorn Time, Kodi (XBMC) and VLC. Following the revelation, updated players can currently be obtained. VLC especially has an extremely large number of takers and the media player is open-source which contain more than 170m downloads suitable for Windows alone. There is a wide use of media players within smart televisions as well as media devices of other kinds. Check Point has estimated that there are 200m affected devices.


The assault gets the susceptible media player to install one subtitle that is taken from some intermediate source for providing the user certain language translation. Media players treat subtitles to be trusted source that mostly come as text files only, that anti-viruses and other ordinary security tools overlook. Eweek.com posted this on the Internet dated May 23, 2017.


As of now, it's extremely important that application developers of media players remedy the vulnerability at the earliest. Anybody utilizing intermediate software for exhibiting subtitles must ensure they have up to date client for their video players. Also, taking down subtitles from intermediate caches must necessarily be avoided as of now. However, if end-users stream content lawfully then they won't be impacted with the said problem.


Currently, clues are nil regarding active use of the described attack vector. However, with the possibility now revealed, it will probably be soon when the con artists determine the details followed with beginning to use it. According to Check Point, while fixes for the vulnerability within prominent media players as those mentioned above are available, in the case of Kodi, while its source code is remedied, there is no runtime version obtainable still now.


Check Point anticipates other apps to be impacted as well. And while the security firm doesn't reveal any technical aspects right now, it doesn't also tell which apps effectively fixed the vulnerability.

» SPAMfighter News - 5/31/2017

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page