bemy 3 Posted May 23, 2017

Recently a subtitle attack vulnerability has been found in VLC, Kodi, PopcornTime and Stremio (4 out of 4 tested were found to be vulnerable). It was possible to do remote code execution and take full control of the affected system. See: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

Details have not been published, but I think the Emby developers can get more information from the research team if needed. Has Emby been checked if there is a risk and/or has this been fixed?
hansel3 0 Posted June 13, 2017

Just wondering if there's an update on whether or not Emby is affected by this vulnerability.
hansel3 0 Posted September 19, 2017

Is there a statement from the developers on this issue? Is Emby vulnerable?
Luke 42083 Posted September 19, 2017

They have not released technical details and we have repeatedly emailed and asked their team to test Emby and have not gotten any response. That means either they are not interested in testing Emby or they didn't find anything and chose not to reply. I have not been able to get any response from them.
jemma213GH 0 Posted October 2, 2017 (edited)

Hey!! Man, I also saw the same thing on a forum last night. The thread was like below mentioned:

VLC, Kodi, Popcorn Time and Stremio vulnerable to malware fired from booby-trapped subtitles https://www.theregister.co.uk/2017/05/2 ... es_return/

By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can hope to take complete control of any device running the vulnerable platforms. Hackers have pushed trojans under the guise of subtitle files as far back as 2003. https://yesmoviesapp.com/yes-movies-apk/

At first I thought it's nothing to worry about. But now again, after seeing another thread posing the same issue, I guess it's something to worry about. I hadn't been using antivirus on my PC. I guess now I have to buy one!!

Edited October 3, 2017 by jemma213GH
Sammy 790 Posted October 2, 2017

Emby uses Open Subtitles as does Kodi apparently. I just recently changed my Emby settings to not match the video exactly so I can get a few more subs but maybe these are the ones causing issues? It would be good to know if mpv has issues with this. Thanks.
pansariMAD 0 Posted December 13, 2017 (edited)

Hey!! Man, I also saw the same thing on a forum last night. The thread was like below mentioned: At first I thought it's nothing to worry about. But now again, after seeing another thread posing the same issue, I guess it's something to worry about. I hadn't been using antivirus on my PC. I guess now I have to buy one!!

Well, I have been using movie streaming apps for a long time, but haven't had any such thing reported in the past. I would just like to know the safest movie streaming that can avoid such exploits.

Edited December 14, 2017 by pansariMAD
Tur0k 148 Posted December 13, 2017 (edited)

Remote code execution can be serious. With the publishers of the vulnerability not responding to requests for the status of Emby, there is little that can be done from a patching perspective to ET.

Good hardening protocols would be to:

1. Get AV/AM with heuristics capability on top of a good set of signatures for malicious activity.
2. Configure your network to use a DNS service that automatically blocks calls to known malicious domains.
   A. OpenDNS is a good option (I think they are now named Cisco Umbrella).
   B. Pi-hole is a really great solution you can stand up at home to block ads; this should be relatively easy to add DNSBL web lists for known malicious domains.
   C. PFBlockerNG can be configured to block access to the same DNSBL web lists that enumerate malicious domains. It also has the ability to block network communication to and from public IPv4 and IPv6 addresses based on web lists.
3. Implement a network IDS (intrusion detection system) that has a good heuristic and a good signature list for malicious activity.

Currently, I have implemented a component for each recommendation.

1. I use Webroot for AV/AM on each system in my network.
2. I use PFBlockerNG. I subscribe to a few DNSBL and IPv4/IPv6 lists that list malicious, compromised, and illicit content that I don't want on my network. I then set my DNS default forwarder to OpenDNS. Whatever isn't caught by my system goes through a second filter with OpenDNS.
3. I run an IDS system on my network and block/close connections and then notify when a potential threat is detected.

Edited December 13, 2017 by Tur0k