Plex warns users to update systems immediately after detecting worrying security issue - here's what we know


  • A vulnerability in Plex Media Server has been fixed by the company
  • Plex did not share any details about the bug, but urged users to update immediately
  • Plex is a frequent target for cybercriminals, mostly due to its popularity

Media streaming company Plex says it has recently patched a mysterious vulnerability affecting its Plex Media Server product, and has told users not to delay applying the fix.

In an email notification sent out to some of its users, Plex said it received a report via its bounty program about a potential security issue affecting Plex Media Server versions 1.41.7.x to 1.42.0.x.

However, other details about the vulnerability are not known at this time. The bug does not have a CVE assigned, so we don’t know how serious it is either.

No details about the bug

"Thanks to that user, we were able to address the issue, release an updated version of the server, and continue to improve our security and defenses," Plex said in the emailed warning.

"You're receiving this notice because our information indicates that a Plex Media Server owned by your Plex account is running an older version of the server. We strongly recommend that everyone update their Plex Media Server to the most recent version as soon as possible, if you have not already done so."

The fixed version, Plex Media Server 1.42.1.10060, can now be downloaded from the server management page, or the company’s official downloads page.
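For anyone running more than one server, the version ranges above can be turned into a quick triage check. This is an added example, not code from Plex or from the original article; it assumes version strings of the form major.minor.patch.build with an optional build-hash suffix, and the host names and sample versions are constructed.

```python
import re

# Ranges as stated in the article: affected 1.41.7.x to 1.42.0.x, fixed in 1.42.1.10060.
AFFECTED_LOW = (1, 41, 7)
AFFECTED_HIGH = (1, 42, 0)
FIXED = (1, 42, 1, 10060)

# Assumed format: four numeric components, optional "-<hash>" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9A-Za-z]+)?$")


def parse_version(text):
    """Return (major, minor, patch, build), or None if the string is malformed."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Classify one reported version string against the article's ranges."""
    v = parse_version(text)
    if v is None:
        return "unknown"    # unparseable: check by hand, do not assume it is safe
    if v >= FIXED:
        return "patched"
    if AFFECTED_LOW <= v[:3] <= AFFECTED_HIGH:
        return "affected"   # inside the range named in the notice
    return "outdated"       # outside the named range, but still older than the fix


def triage(inventory):
    """Group hosts by status so the 'affected' ones can be updated first."""
    report = {"affected": [], "outdated": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory: host names, build numbers and hash suffixes are made up.
SAMPLE_INVENTORY = {
    "nas-livingroom": "1.41.7.9799-abc123def",
    "htpc-office": "1.42.0.10001",
    "vm-media": "1.42.1.10060-aaaaaaaaa",
    "old-laptop": "1.40.0.1-feedface0",
    "rc-box": "1.42.1.10050",
    "mystery": "v1.42",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Since the notice recommends that everyone update, hosts reported as "outdated" or "unknown" still belong on the update list; "affected" only marks the ones inside the range Plex named.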

Plex is a popular media streaming platform, with millions of active monthly users. As a personal media library and streaming system, it runs on a variety of operating systems including Windows, macOS and Linux. There are also customized variants of the system made for NAS devices, external RAID storage units and digital media players.

All of this makes Plex a frequent target of cybercriminals looking to exploit its potential. Back in 2021, it was reported that DDoS-for-hire services were leveraging security flaws in Plex Media Server systems as a UDP reflection/amplification vector in DDoS attacks.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
