Check Point: Hacked in Translation

Check Point has issued anadvisory that a number of video-player applications can be compromisedvia specially crafted subtitles. "By crafting malicious subtitlefiles, which are then downloaded by a victim's media player, attackers cantake complete control over any type of device via vulnerabilities found inmany popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Timeand strem.io. We estimate there are approximately 200 million video playersand streamers that currently run the vulnerable software, making this oneof the most widespread, easily accessed and zero-resistance vulnerabilityreported in recent years."