
Researchers discover dangerous media player subtitle hack, fixes are on the way

If you often watch content with subtitles on in applications like Kodi, Popcorn Time and VLC, you may want to be extra careful at the moment, as a new vulnerability has been discovered. It turns out that older versions of these applications are all open to an easily exploited vulnerability that uses subtitle files to execute malicious code.

Most subtitle makers have no malicious intentions. However, according to researchers at security firm Check Point, if you were unfortunate enough to come across a malicious subtitle file, a hacker could potentially access your entire system.

Here is how Check Point explains it: “Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.”

Given the number of Kodi and VLC users out there, the scope of this vulnerability is pretty massive. Fortunately, updates have already been issued across the board, so if you don't update your media player often, make sure you do so now that the fix is out.

You can go to Check Point's full report to see more details on the affected platforms and links to fixes.

KitGuru Says: Remember to update your software, guys; these swift fixes are no good if people don't download them.
