Users of popular media players like PopcornTime, VLC and Kodi can be hacked by malicious subtitles; a warning by security company Check Point which should be taken seriously. According to the company, there are about 200 million video players and streamers running the vulnerable software.
Subtitles are often seen as innocent text files, but according to the researchers, these text files can be used to perform malicious actions on victim’s devices.
There are over 25 different subtitle formats in use, each with unique features and capabilities. Media players often need to handle multiple subtitle formats, using any media player in a different way. Like other cases of fragmented software, this causes many vulnerabilities.
Through a malicious subtitle, it’s possible to completely take over the platform on which the media player or streamer is running, so they warn.