Excl. VATInc. VAT

Kodi Subtitles Bug VLC Code Security Concerns

If you have seen a notification about an update for Kodi to fix security concerns, or use subtitles when in Kodi or a similar application, this post details the changes you may make to need to ensure your mini home theatre PC or other gadget is secure.

Kodi 17.3 has been released today in quick succession to 17.2

Although 17.2 addressed the concerns raised over security, it still introduced some minor bugs, 17.3 addresses there:
Fixed missing binary add-ons on release time
Fixed crash on older distros like Ubuntu 14.04 with GCC 4.8 compiler

Some code within VLC (some of which is used within Kodi) has been found to not be properly sandboxed. If a malformed (maliciously) subtitle is loaded up, the attacker could theoretically gain access to other areas of your Android device.

In its self, by no means the worst news we have in this world right now, but an insecure device on your network could be a staging point for other, more sensitive devices in your home.

If you never use subtitles when watching video streams (nor see them appear automatically most of the time), there is not a pressing need to update immediately.



Kodi 17 Krypton Splash Screen

Kodi 17 (Krypton)

If you currently use subtitles in version 17.0 or 17.1 either disable them entirely or at least disable automatic download. To do this, click the Settings icon of a cog in Kodi’s homescreen, then click on the Player entry. Now select the Language area, “Auto download first subtitle” should not be enabled.

To contine to use subtitles, you can update to Kodi 17.3 via Google’s Play Store or directly via an APK file from http://mirrors.kodi.tv/releases/android/arm/kodi-17.3-Krypton-armeabi-v7a.apk .
If either approach does not allow the update to occur, return to the Play Store and click the Uninstall button. Once this completes, press the Install button.

You can check which version of Kodi Krypton you are currently running by clicking the System shortcut (an icon of a cog) in Kodi’s homescreen, then click the System Information entry.


DBMC Logo 128 128






Kodi 16 Jarvis Splash

SPMC Splash Screen







LibreELEC Square Logo OpenELEC

Kodi Jarvis (16) or earlier in Android, or DBMC (DroiX Media Centre), SPMC , Kodi in LibreELEC 7 or 8, OpenELEC 6


If you use subtitles disable the them for now. Check with the application author for an available update that came out in late May at the earliest.
If you run Kodi 16.1 or earlier in Android, check the Play Store for updates. If your device has Android 4 (KitKat), please see Get Kodi 17 (Krypton) On Android 4 Devices! for details about Kodi 17 alternatives (as Krypton/17 requires Android 5 or higher).
Check in the threads linked to for updates for FTMC and Mygica that fix the subtitle security issue.
DBMC users will need to switch to Kodi or the applications mentioned in the previous link if they need to use subtitles. Once SPMC is updated, we hope to be able to bring out an updated DroiX Media Centre as well. If you are happy to continue to use DBMC without subtitles, please click the System menu, then Add-ons, from here, My Add-ons or Installed Add-ons, then Subtitles. Long click on the installed services, select Info and then click Uninstall for each.
OpenELEC and LibreELEC 7 users can either switch to Android or disable subtitles (System, Add-ons, My Add-ons or Installed Add-ons, Subtitles, Long click on the installed services, select Info and then click Uninstall.)
If compatible updates are released for either operating system we will post the news here at this blog.





FTMC Media Center Mygica Media Center Splash

SPMC, FTMC, Mygica

Check for any FTMC and Mygica updates  in the threads linked here, that fix the subtitle security issue.






To get the latest news about Kodi releases, be sure to keep an eye on https://kodi.tv/blog , as well as this blog and with the community at the DroiX forum.

Share on facebook
Share on twitter
Share on linkedin
Share on pinterest
Share on reddit
Share on tumblr

Related Products

Related Posts

Random Posts

We will be happy to hear your thoughts

Leave a reply

Only The Best Product Range

iMXQpro Mini Retro-Gaming Edition with the iPega 9076 Wireless Gamepad

DroiX iMXQpro Mini Retro-Gaming Edition

Top-Notch Retro Gaming Experience – On a budget. The DroiX iMXQpro Mini Retro Gaming Edition is the proof that you don’t need a High-End Gaming PC or Console to enjoy your favourite Retro Games and Emulators.
The processing power is provided by a Quad-Core Amlogic S905W Processor which will provide high-end performance at all times. The Penta-Core Mali-450MP Graphical Processing Unit is capable of rendering your favourite Emulators and Retro Games with no issues.
2GB of DDR3 RAM will ensure that you will feel no lag when switching between applications or loading new ones, and the Fast 16GB of eMMC Storage is more than enough to store your full Retro Gaming Library.
The DroiX iMXQpro Mini Retro Gaming Edition runs Android 6.0 Marshmallow, allowing you to Install your whole library of Applications from the Google Play Store.

ACEPC CK2 i7 Windows 10 Mini PC for Home or Office - RJ45 Ethernet Port, Video Outputs (HDMI, DisplayPort and VGA) and 5.5mm Power Adapter Port

DroiX CK2 Intel i7 NUC Windows 10 Ultra HTPC

  • Intel® Core™ i7-7500U Processor, 8GB DDR4 RAM and 256GB NVMe SSD Storage
  • Windows 10 PRO Pre-Installed
  • Multiple Displays Output
  • 2.5″ HDD/SSD Bay for Expandable Storage
  • Dual-Band Wi-Fi w/ 1GB/s RJ45 Port
Compare items
  • Total (0)