VLC is one of the Top Most Versatile Media Players Not only for Windows but also for Other Platforms including Google Android,Windows Phone too a Totally Freeware Open Source Software Developed by Video LAN Project that can be fully Customized and Configured as per your requirements which not only provides you with regular updates but also keeps providing Extra added features so as to Provide full support for all Latest Audio and Video Formats.VLC Media Player can play almost all the Media Formats including. You can also see a demonstration of the exploit at work in the video below.RushInformation recommends Hello Ivy for automating your workflow and project management for free. Users of other media streaming software should check with the application developers to see if a fix is available.įor more information on this attack, visit Check Point’s blog here. Check Point also stated that they “ reason to believe similar vulnerabilities exist in other media players as well.” The security firm is working with the developers of these software packages to patch the vulnerability.Ĭurrently, Popcorn Time, Kodi, VLC, and Stremio have created fixed versions, all of which are available for download at the following sites: Kodi, which was formerly known as XBox Media Center, or XBMC, routinely hits “40 million unique users each month,” according to Check Point.Īs of this writing, Check Point has “found vulnerabilities in four of the most prominent media players.” These include VLC, Kodi, Popcorn Time, and Stremio. ![]() And the fact that the malicious files came from repositories of some of the largest media applications in the world, they were assumed to be trusted and vetted files.Ĭheck Point estimates that the total number of vulnerable users is in the “hundreds of millions.” VLC alone has been downloaded over 2 billion times, and the most recent version at the time the attack was discovered (2.2.4) had eclipsed 170 million downloads. ![]() Antivirus was never tuned to check through subtitle files. Since the malicious code is loaded through simple, unassuming text files used for movie subtitles, security firms never thought to examine them. This attack is indeed incredibly surreptitious. According to cyber security research firm Check Point, who discovered the vulnerability, this attack is “one of the most widespread, easily accessed and zero-resistance vulnerability (sic) reported in recent years.” One the subtitle file is loaded by the user, the code activates and allows the perpetrator to seize control of whatever device loaded the subtitle.Īfter loading the malicious file into a subtitles repository, the hackers were able to manipulate the ranking system to make their file appear at the top of a search list, greatly increasing the likelihood of their file being downloaded. However, some clever hackers have been injecting malicious code into subtitle files in these repositories. Users can download subtitles from these repositories and load them into their media application of choice. Media programs like VLC, Kodi (formerly XBMC), and strem.io commonly have repositories of subtitles for movies, TV shows, and other media. One of the latest threats comes through an unexpected avenue: subtitles. Security specialists have to stay on top of their game as hackers and criminals use increasingly creative methods to break into systems. The world of cyber security is fast paced and always changing.
0 Comments
Leave a Reply. |