About 200 million users of video players and streamers are vulnerable to an attack that uses malicious subtitle files.
According to security researchers from Check Point, the attackers can execute remote code on PCs, Smart TVs, and mobile devices using popular video players and services such as VLC Media Player, Kodi, Popcorn Time and Stremio.
“This is a brand new attack vector. We haven’t seen this type of attack yet in the wild. But we believe there are upwards of 200 million video players and streamers vulnerable to this type of attack,” writes Omri Herscovici, team leader for product research and development.