Quantcast
Channel: iTWire - Entertainment
Viewing all articles
Browse latest Browse all 4710

VLC, other players vulnerable to subtitles attack

$
0
0
VLC, other players vulnerable to subtitles attack

Researchers at the Israeli security firm Check Point say they have discovered a method whereby an attacker can gain entry into a victim's digital device through subtitles which are used by different streaming players.

The players mentioned were VLC, Kodi (XBMC), Popcorn-Time and strem.io.

But the researchers did not say which operating systems are affected; VLC, for example has versions for Windows, the Mac, Linux. Android and iOS and Check Point did not mention if all versions are vulnerable or not.

The company said using subtitles as an attack vector was particularly worrying because hardly anyone would consider that they could be attacked this way.

{loadposition sam08}"Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files," the researchers wrote.

"This means users, anti-virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk."

The attack was made possible due to the insecure way in which media players process subtitle files and the abundance of subtitle formats.

"To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities," Check Point said.

"Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities."

All the streaming players listed have now provided patched versions on their respective websites.


Viewing all articles
Browse latest Browse all 4710

Trending Articles