Malicious Subtitles Threaten Kodi

the_bo · 23 May 2017 19:26

Hi

Just read this article here.

XBMC Foundation’s Project lead Martijn Kaijser informs TorrentFreak that the Kodi team is aware of the situation, which they will address soon. “We will release 17.2 which will have the fix this week,” he told us.

Heres a video of the attack in action taking over the victims computer

sam_nazarko · 23 May 2017 20:12

Resolved in:

the_bo · 23 May 2017 20:20

Good Job Sam

paulwebster · 24 May 2017 14:03

This is the zip file traversal problem at I asked about via Twitter (while forum was down).

swift88 · 24 May 2017 14:06

This is the official link from Checkpoint:

akjsefjwe · 24 May 2017 18:47

@sam_nazarko When will the fix actually land in a release? I just updated my RPi and it appears to still on Kodi 17.1 not 17.2

ooZee · 24 May 2017 19:14

chag · 24 May 2017 19:25

Hi, Is there a way to check if I have been hacked already ?

Amunt · 24 May 2017 19:41

Kodi 17.2 is released… Kodi v17.2: A minor bug fix and security release | News
When the OSMC update to 17.2?

sam_nazarko · 24 May 2017 19:51

See above.

There’s info on updates here:

Tilo · 24 May 2017 19:56

beside this would we be unaffected if not downloading any subtitle via Kodi interface until patched of OSMC is out?

sam_nazarko · 24 May 2017 19:59

That’s correct.

spacemanspiff · 24 May 2017 20:37

@sam_nazarko Just to be clear for everyone coming to this post, it sounds like this patch might not be released until the next monthly update. So beginning of June, correct?

Amunt · 24 May 2017 20:56

Bad news

sam_nazarko · 25 May 2017 01:05

The fix has already been included in OSMC. Please see OSMC Security Update for OSMC 2017.04-1 and earlier - OSMC

We don’t wait around when it comes to security.

This will not affect our usual update schedule. We still plan to deliver a monthly update over the Bank Holiday.

Sam

alexxtasi · 27 May 2017 16:10

Reading this topic, I manually checked for updares in OSMC (using the menu) and now in System Info I see “OSMC running Kodi 17.2”
So I think by now the update problem is fixed

AgentJ · 27 May 2017 19:44

Is this a Windows-only issue, or does it affect other operating systems as well?

the_bo · 27 May 2017 21:07

I believe it affects all kodi platforms. Sam has patched it. Update to latest version.

Gotimebort · 28 May 2017 00:10

What about Kodi 17.3 that was just released?

AgentJ · 28 May 2017 21:26

I updated to the latest version on my Mac, but my first generation Apple TV couldn’t update. Here’s a link to the log: http://paste.osmc.io/sevokesaki

Update 5/28/17 11:38 PM: I managed to get it to update. It showed that it was working on displaying the menus and then writing the menus, but then it rebooted and gave me a sad face. I haven’t rebooted it since, but it’s late. I’ll check on it tomorrow.