- Vulnerability in Plex Media Server has been corrected by the company
- Plex did not share any details on the bug, but urged users to update immediately
- Plex is a popular target for cybercriminals, mainly because of its popularity
The media plex streaming company said it has corrected a mysterious vulnerability recently affecting its Plex Media Server product and told users not to delay the application of the correction.
In an e-mail notification sent to some of its users, Plex declared that it has received a report via its Bounty program on a potential security problem affecting the versions of media Plex 1.41.7.x to 1.42.0.x.
However, other details on vulnerability are not known at the moment. The bug has no attributed cve, so we don’t know how serious it is.
No details on the bug
“Thanks to this user, we were able to solve the problem, publish an update version of the server and continue to improve our safety and our defenses,” said Plex in the warning by e-mail.
“You receive this opinion because our information indicates that a plex media server belonging to your Plex account runs an old version of the server. We strongly recommend that everyone update their plex media server to the most recent version as soon as possible, if you have not already done so.”
The clean version, plex media server 1.42.1.10060, can now be downloaded from the server management page or the company’s official download page.
Plex is a popular multimedia streaming platform, with millions of active monthly users. As a library of personal media and streaming system, it works on a variety of operating systems, including Windows, MacOS and Linux. There are also personalized variants of the system designed for NAS devices, storage units for external raids and digital media players.
All this means that Plex is often the target of cybercriminals that seek to exploit its potential. In 2021, it was reported that the DDOS-For-Hire services led to safety defects in Plex media servers as a UDP reflection / amplification vector in DDOS attacks.
Via Bleeping Compompute
