- The company has solved a vulnerability on the media media server
- Plex did not share any detail about the error, but urged users to update immediately
- Plex is a popular objective for cybercriminals, mainly due to its popularity
The Plex Media Transmission Company says that it has paved a mysterious vulnerability that recently affects its Plex Media Server product, and has told users that they do not delay the application of the solution.
In an email notification sent to some of its users, Plex said that he received a report through his rewards program on a possible security problem that affects the versions of Plex Media Server 1.41.7.xa 1.42.0.x.
However, other details about vulnerability are not known at this time. The error does not have an assigned CVE, so we don’t know how serious it is.
There are no details about the error
“Thanks to that user, we were able to address the problem, publish an updated version of the server and continue improving our safety and defenses,” Plex said in the warning sent by email.
“You are receiving this notice because our information indicates that a Plex media server owned by your Plex account is executing an earlier version of the server. We strongly recommend that all update its Plex Media server to the most recent version as soon as possible, if you have not yet done.”
The clean version, Plex Media Server 1.42.1.10060, can now be downloaded from the server administration page, or the company’s official download page.
Plex is a popular media transmission platform, with millions of active monthly users. As a Personal Media Library and Transmission System, it is executed in a variety of operating systems, including Windows, Macos and Linux. There are also personalized variants of the system made for NAS devices, storage units of external raids and digital media players.
All this makes Plex often the objective of cybercriminals who seek to exploit their potential. In 2021, it was reported that DDOS-For rent services were taking advantage of security failures in Plex Media Server systems as a UDP reflection/amplification vector in DDo attacks.
Through Bleepingcomputer
