SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.
"The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers," said Omri Herscovici, vulnerability research team leader at Check Point.
The subtitles for films or TV shows are created by a wide range of subtitle writers, and uploaded to shared online repositories, such as OpenSubtitles.org, where they are indexed and ranked. Researchers also demonstrated that by manipulating the repositories' ranking algorithm, malicious subtitles can be automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain without user interaction.
Source: https://www.helpnetsecurity.com/2017/05/23/subtitle-hack/
(Score: 2) by jasassin on Thursday May 25 2017, @02:14AM
I ran top to monitor all the video players under Linux. Totem used to work, but after an update it's totally busted. Totem now maxes out my CPU for some reason. mpv (the newest iteration of mplayer/mplayer2) uses half the CPU of VLC.
I wonder why VLC is so slow compared to mpv when they have access to all the mpv code. Oh well, mpv is the best I've found.
I wonder if mpv has any subtitle bugs.
jasassin@gmail.com GPG Key ID: 0x663EB663D1E7F223