Kodi just launched one small bug fix for the Kodi v17 Krypton which further improves the stability and usability. The range of versions Kodi V17.1 and v17.0 contained errors in subtitle zip files so security fixes have been included here.
Below are the fixes available in Kodi v17.2 download:
- Quick fix for wake up command not being called in PVR power management
- Fix possible security flaw which could be abused .zip files which try to traverse to a parent directory
- Detect and delete zero-byte database files which cause crashes
- Set the minimum version of the code which is currently OSX 10.8
- Fix to handle of gaps that caused eradic behavior in EPG grid
- Use alternative method to check if platform updates have been installed on Windows
- Use the correct TTC font from the video file for subtitles on Windows
If you had missed the main security bug that made millions of devices hackable using subtitles that could infect and manipulate the user’s computer.
According to Check Point blog, the researchers revealed that hackers could take control of the victim’s computer by using malicious subtitle files which made 200 million devices potentially at risk with zero resistance vulnerability.
Kodi and other Online Streaming services like PopcornTime, VLC, Stremio were at risk since the hacker could make remote code execution.
The Infographics represents how the Attacker hacked devices using subtitles.
Kodi 17.2 Download can be manually done for Android, iOS, Windows, Mac OS X, Linux by visiting the Kodi Download page.
Update: Install Kodi 17.2 on Firestick to prevent malicious subtitle hacks.