MX Player patches critical RCE vulnerability null
Popular media player application and OTT platform MX Player, that has over five hundred million downloads from Play Store, was found to have critical security vulnerabilities.
MX Player was initially only used as a media file player and became a free online content streaming platform after it was acquired by Times Internet. It is one of the most used OTT platforms in India and comes with additional features like MX Transfer that allows users to wirelessly transfer media content and applications.
Remote code execution vulnerability
It is this file transfer feature that was found to be vulnerable by David Wills, a researcher at security firm Tenable Security. According to Wills, the files transfer feature creates a hotspot making one device to sender and the other one as receiver to transfer content. During this process, a hacker, who’s within the Bluetooth range of these devices, can intrude and inject executable files.
Since MX Players file transfer protocol allows multiple files to be transferred in a single session it offers a gateway for the interloper to barge in and transfer files that carries malware payload.
These files or applications can be controlled remotely and can be used to install other files, snoop or steal private files stored on the device and send them to remote servers belonging to the hackers.
This test was performed using Android smartphones Pixel 3 and Pixel 3 XL, Wills however did not disclose if the iOS applications of MX Player were also vulnerable to remote code exploit.
The details of this vulnerability were shared with the MX Player team and while they only got very little response from the team, the vulnerability seems to have been fixed with the latest update that was released on July 6th.
So, In case you have MX Player installed on your phone, it is advisable to manually update the application to its latest version as soon as possible.
Popular media player application and OTT platform MX Player, that has over five hundred million downloads from Play Store, was found to have critical security vulnerabilities. MX Player was initially only used as a media file player and became a free online content streaming platform after it was acquired by…
Recent Posts
- Zack Snyder’s Rebel Moon movies are a fandom menace
- I love my Amazon Kindle but foldable phones have convinced me its time is up – here’s why
- DJI’s pint-sized Mini 3 is on sale with a DJI RC controller for its best price yet
- What we’re listening to: The Tortured Poets Department and Eternal Sunshine
- 7 Best Smart Plugs (2024): Indoor Plugs, Outdoor Plugs, and Advice
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011