January 17, 2021

Flaw found in MX Player by Tenable Research leaves millions exposed.

Tenable Research  released a publication which has a detailed information of the vulnerability found in MX Player. MX Player is an Indian video streaming and video-on-demand platform. The vulnerability found can leave millions of consumers exposed.

Exploiting this vulnerability an attacker can easily gain remote access to an user’s device and manipulate it. This can possibly happen when a user is waiting to receive a new file through the file transfer feature.The path traversal vulnerability can be exploited by the attacker and in few devices, one can achieve code execution using specially crafted files.  MX Player’s transfer service password is openly shared as a Bluetooth device name. Thus an unauthenticated attacker within the Bluetooth range can easily exploit this vulnerability.

MX Player has been informed about this vulnerability by Tenable.These flaws have been removed in version v1.24.5