- A vulnerability in Plex Media Server has been fixed by the company
- Plex did not share any details about the bug, but urged users to update immediately
- Plex is a frequent target for cybercriminals, mostly due to its popularity
Media streaming company Plex says it has recently patched a mysterious vulnerability affecting its Plex Media Server product, and has told users not to delay applying the fix.
In an email notification sent out to some of its users, Plex said it received a report via its bounty program about a potential security issue affecting Plex Media Server versions 1.41.7.x to 1.42.0.x.
However, other details about the vulnerability are not known at this time. The bug does not have a CVE assigned, so we don't know how serious it is either.
No details about the bug
"Thanks to that user, we were able to address the issue, release an updated version of the server, and continue to improve our security and defenses," Plex said in the emailed warning.
"You're receiving this notice because our information indicates that a Plex Media Server owned by your Plex account is running an older version of the server. We strongly recommend that everyone update their Plex Media Server to the most recent version as soon as possible, if you have not already done so."
The patched version, Plex Media Server 1.42.1.10060, can now be downloaded from the server management page or from the company's official downloads page.
Plex is a popular media streaming platform, with millions of active monthly users. As a personal media library and streaming system, it runs on a variety of operating systems including Windows, macOS and Linux. There are also customized variants of the system made for NAS devices, external RAID storage units and digital media players.
All of this makes Plex a frequent target for cybercriminals. Back in 2021, it was reported that DDoS-for-hire services were leveraging security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.
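For anyone running more than one server, the version numbers above can be turned into a quick triage check. The following is an added example, not code from Plex or from the original article; the host names, the sample inventory and the optional "-hash" suffix on version strings are assumptions made for illustration.

```python
import re

# Version bounds as stated in the article.
AFFECTED_MIN = (1, 41, 7)       # 1.41.7.x
AFFECTED_MAX = (1, 42, 0)       # 1.42.0.x
FIXED = (1, 42, 1, 10060)       # first build named as carrying the fix

# Assumption: versions look like "1.42.1.10060", optionally followed by "-<build hash>".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z]+)?\s*$")

def parse_version(text):
    """Return (major, minor, patch, build), or None if the string does not parse."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Map a version string to a triage status."""
    v = parse_version(text)
    if v is None:
        return "unknown"                    # unparseable: check the host by hand
    if v >= FIXED:
        return "fixed"
    if AFFECTED_MIN <= v[:3] <= AFFECTED_MAX:
        return "affected"
    if v[:3] < AFFECTED_MIN:
        return "older-than-reported-range"  # outside the range Plex named, still outdated
    return "below-fixed-build"              # a 1.42.1.x build older than 10060

def triage(inventory):
    """inventory maps host -> version string; returns hosts grouped by status."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hypothetical hosts and build numbers).
SAMPLE = {
    "nas-livingroom": "1.41.7.9823-59f304c16",
    "htpc": "1.42.0.9975",
    "vm-media": "1.42.1.10060-4e8b05daf",
    "old-pi": "1.40.2.8395",
    "beta-box": "1.42.1.10054",
    "unknown-box": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unknown" or "below-fixed-build" fall outside what the notice describes and should be updated or checked manually rather than assumed safe.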
Via BleepingComputer