Hacked Subtitles Threat to Some Streaming Video Applications, Check Point Says
Close to 200 million video players and streamers run software vulnerable to "malicious subtitle files" that are downloaded by media players, with the hackable exploit allowing the take-over of the device, Check Point Software blogged Tuesday: Vulnerabilities are found in a variety of streaming platforms, including Popcorn Time, VLC, Kodi and strem.io, and it's "one of the most widespread, easily accessed and zero-resistance [vulnerabilities] reported in recent years." It said subtitles repositories loaded by users' media players "are, in practice, treated as a trusted source by the user or media player." The company said hackers can then "take complete control over any device" running the Trojan horse subtitle files. The firm reported the vulnerabilities to developers of vulnerable media players.