Perpetrators use various methods, also referred to as ‘attack vectors’, to deliver cyberattacks. These attack vectors can be divided into two major categories: Either the attacker persuades the user to visit a malicious website, or he tricks him into running a malicious file on his computer.
Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.
Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk. Read more
Kodi Team Response
You may have read in the news that malicious subtitle zip files could potentially infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms. Read more
2. You will then need to enable developer mode on the stick and obtain the IP address. A) Enable developer mode by going to Settings > System > Developer options . Turn on ADB debugging and Apps from unknown sources. B) Obtain the IP from the same location under <About>
( Note with these instructions you will not need to install ES File Explorer) ES file explorer allows you to install a app from the website. Using ADB , you can push the app to the device over your local network.
3. At the moment the best addon to use is Exodus .
How to Install Addon Installer so you can install Exodus
(Thanks to Expire0 Hub Space for the below )
Install adblink on your PC. Open adblink . click new , enter the IP address you obtain from step 2. Enter a brief description . Everything else can remain the same.Click the save button and click connect. After a few seconds, you will see the device under connected devices. Now Click install APK and locate the Jarvis APK file you downloaded under step 2. Install the Jarvis apk file, this can take about 5 to 10 minutes depending on your local network speed. Once installed, you will go back to the fire stick and open Kodi under apps. You are good to proceed to the below steps.
Select SYSTEM > File Manager
Select Add Source
Type the following EXACTLY http://expire0.in/source and select Done
Highlight the box underneath type Expire Hub
Go back to your Home Screen
Select Install from zip file
Select Expire Hub
Wait for Add-on enabled notification
Once Addon the repository has been installed
Select install from repository
Select Expire Hub
Under repository , locate exodus and install the exodus repository.
Once the repository has been install. Repeat the steps again and this time select the Exodus repository and go into video addons. From there you will see the Exodus addon . Click the addon link to install exodus. Once Exodus has been installed , you can use the addon by going to video > video addons .
You can repeat the addon install steps to install other addons.
Expire0 has a build template that is available to be installed. A build saves you the time from installing each individual addon. Expire0 Hub Build includes the best 30 addons out there. To gain access to the build you will need to contact Expire0 via twitter. Please visit the site for more information.
So there has been some kodi wars with the developers of certain add-ons. One being with Anonymous,Maverick, Silent hunter and Beau builds. The issue I have with some kodi developers. They like you when you follow them and hate you when you decide to create your own repo or addon. The Anonymous team encourages you to clone their addon and make it your own. I also find it funny that most addon owners dont even know Python :/
Please be careful as to which kodi addons you install on your system. Recently Maverick added some code to remove the anonymous addon. This is very unacceptable within the kodi community and he is doing so without the users knowledge. This is on the same lines as creating some type of malware. The code he use is some standard Python code. Nothing major, but the point is he is removing something from a user device without their knowledge.
for root, dirs, file in os.walk(addons):
for dir in dirs:
if 'anonymous' in dir.lower():
path = addons + dir