Researchers have revealed a vulnerability that can allow hackers to take complete control over a media device running VLC, Kodi, Popcorn Time and Stremio.
Using the subtitles feature, Check point researchers were able to uncover the threat that uses malicious subtitle files for movies and TV shows, which are downloaded by unsuspecting users.
“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers,” Omri Herscovici, Check Point.
Check Point believes that similar vulnerabilities exist in other streaming media players, besides the ones listed as well.
All four known companies have released updates and patches to address the issue. People who use these devices are urged to update immediately.
Here is a video of how the attack works.