Media players could expose millions of systems to subtitle attacks - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201786419
Type myhack58
Reporter Anonymous
Modified 2017-05-24T00:00:00


Experts pointed out that an attacker can take full control of a device simply by getting the target user to open a malicious subtitle file in a vulnerable media player. For applications that automatically fetch subtitles from the Internet, the attack can be carried out without any user interaction. The experts focused their analysis on four popular media players, but the researchers believe that other applications are also likely to be affected. The players confirmed as vulnerable are VLC, the open-source home theater software Kodi (previously XBMC), and the video streaming applications Stremio and Popcorn Time.

Experts pointed out that, given that the latest version of VLC has been downloaded 1.7 billion times and Kodi has nearly 4000 million unique users each month, the potential number of victims is very high. The developers of these media players have released patches, but because some issues are still under investigation, Check Point decided not to disclose any technical details.

Check Point noted that hackers can use specially crafted subtitle files to execute arbitrary code and thereby take complete control of the system. The harm they can cause is endless, including theft of sensitive information, installing ransomware, launching DDoS attacks, and so on.

Although in some cases the user must be convinced to open the malicious file in an affected player, the researchers warn in their report that attackers can manipulate the ranking algorithms of subtitle websites to make sure that applications which load subtitles automatically select their files. By ensuring that their subtitles rank highly, attackers also increase the chance that users will manually load a malicious file.