A proof of concept attack using malicious video subtitle files reveals how adversaries can execute remote code on PCs, Smart TVs and mobile devices using popular video players and services such as VLC Media Player, Kodi, Stremio and Popcorn Time.
“This is a brand new attack vector. We haven’t seen this type of attack yet in the wild. But we believe there are upwards of 200 million video players and streamers vulnerable to this type of attack,” said Omri Herscovici, team leader for products research and development at Check Point Software Technologies.
Leave a reply