Hacked by subtitles

[Scary_Turtle]

Just found this http://hackaday.com/2017/05/25/hacked-by-subtitles/ seems pretty reliable after googling this there are many sites that verify it.

Basically VLC, Kodi (XBMC), Popcorn-Time and strem.io have an exploit where if the user downloads subtitles their PC could be taken over.

Kodi 17.3 has fixed this issue so make sure you update.

 

[Dan C]

Updated last night after reading about it.

 

[Ninji]

Yet another example of badly written code... assuming garbage collection is/was always there.

 

[Batista]

I open each srt file with notepad, dont use automated subtitles with anything.

 

[durbandave]

My understanding on the VLC side is that the exploit is not available in the latest version