Malicious subtitles in popular media players could lead to remote compromise

Researchers at Check Point have discovered a flaw affecting several popular media players, stemming from how they process subtitles. If exploited, an attacker could gain remote access to the victim’s system.

It’s estimated that nearly 200 million video players and streaming apps use the vulnerable software.

Check Point says the vulnerable versions of VLC, Kodi, Popcorn Time, and Stremio have been downloaded more than 220 million times. All an attacker has to do is develop malicious subtitles, which are then downloaded to the user via the video player.

To read this article in full or to leave a comment, please click here