- A vulnerability in Plex Media Server has been determined by the business
- Plex shared no details of the error but encouraged users to update right away
- Plex is a popular target for cyber criminals, mostly because of its popularity
The media streaming company Plex says it has patched a mysterious vulnerability that affects its Plex Media Server product recently, and has asked users not to delay the application of the correction.
In an E -Mail message sent to some of its users, Plex said it received a report via its Bounty program about a potential security problem affecting Plex Media Server versions 1.41.7.x to 1.42.0.x.
However, other details of the vulnerability are not known at this time. The error has not awarded a cve, so we also do not know how serious it is.
No details of the error
“Thanks to the user, we were able to solve the problem, release an updated version of the server and continue to improve our security and defense,” Plex said in the e -mail warning.
“You are receiving this message because our information indicates that a Plex media server owned by your Plex account is running an older version of the server. We strongly recommend that everyone update their PLEX media server to the latest version as soon as possible, if you haven’t already done so.”
The clean version, Plex Media Server 1.42.1.10060, can now be downloaded from the server management page or the company’s official downloads page.
Plex is a popular media streaming platform with millions of active monthly users. As a personal media library and streaming system, it runs on a variety of operating systems including Windows, MacOS and Linux. There are also customized variants of the system made for NAS devices, external RAID storage devices and digital media players.
All of this often makes Plex goals for cyber criminals who want to exploit their potential. Back in 2021, it was reported that DDOS-for-Hire services utilized security errors in PLEX media service systems as an UDP reflection/amplification vector in DDOS attacks.
Via Bleeping computer
