Hackers Can Pwn Your Computer Via Flaws In Media Players Exploited Via Subtitles
This is something that I never figured was possible. Security company Check Point has come out with a blog post that has details about a new type of exploit that leverages flaws in various media players to pwn computers. The vehicle for the pwnage is subtitles in videos:
Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
There’s also a proof of concept video that you can see here:
Now the four media player apps that are mentioned have mitigations against this threat. But there are likely plenty that are not mentioned that are easily pwnable. Or at least will be pwnable now that this is out in the open and hackers start to figure out how to exploit this. Thus, I have two pieces of advice. First if you use any of the media players mentioned above, then I would say that you should update to the latest version of these players. Second, if you’re running something else, maybe you should switch to one of these four to protect yourself from the threats that are sure to come.
This entry was posted on May 23, 2017 at 1:24 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Can Pwn Your Computer Via Flaws In Media Players Exploited Via Subtitles
This is something that I never figured was possible. Security company Check Point has come out with a blog post that has details about a new type of exploit that leverages flaws in various media players to pwn computers. The vehicle for the pwnage is subtitles in videos:
Check Point researchers revealed a new attack vector which threatens millions of users worldwide – attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.
There’s also a proof of concept video that you can see here:
Now the four media player apps that are mentioned have mitigations against this threat. But there are likely plenty that are not mentioned that are easily pwnable. Or at least will be pwnable now that this is out in the open and hackers start to figure out how to exploit this. Thus, I have two pieces of advice. First if you use any of the media players mentioned above, then I would say that you should update to the latest version of these players. Second, if you’re running something else, maybe you should switch to one of these four to protect yourself from the threats that are sure to come.
Share this:
Like this:
Related
This entry was posted on May 23, 2017 at 1:24 pm and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.