Check Point Security company revealed a new type of attack – subtitles attack . Subtitles are mainly used by users to watch non-native video. Researchers say that by making malicious subtitle files, you can use the popular streaming media platform’s vulnerability to remotely execute code to control any device, including computers, televisions, and mobile devices, after downloading and loading the victim’s play software.
Affected software includes VLC, Kodi (XBMC), Popcorn-Time and strem.io, using these vulnerabilities software users close to 200 million. The subtitle file is a text file that is usually considered harmless. Researchers have uploaded a concept to verify the prototype video , saying that the affected playback software has been released with a bug fix that recommends that users update as soon as possible, and that these updates may not yet be pushed to the user, the user can download it manually.