Kodi releases version 17.2 update with important security fix [UPDATE: 17.3 has now been released]

The Kodi team has just released version 17.2 of their great media player app. They’re still working on the next big release, “Leia” v18, but have release this new intermediate version because it contains an important patch to a security vulnerability that could allow malicious subtitle zip files to access your device.

The subtitle zip file security vulnerability, first discovered by Check Point, can be used to run malicious code on a system. It requires the user to unknowingly load compromised subtitles in a media player, which is not difficult to do since Kodi can access subtitle repositories and download subtitles on the fly. This security hole does not just affect Kodi, but also other popular media players, like VLC, Popcorn Time, and Streamio.

Version 17.2 of Kodi includes a patch for the subtitle vulnerability and also includes other bug fixes. You can download it through Kodi’s website, but the easiest way to update on a Fire TV or Fire TV Stick is to use my Downloader app from the Amazon appstore and enter bit.ly/kodi172 into the URL field.

Update

11:36am MrMC is not, and has never been, affected by the subtitle security issue. I do not know yet if SPMC is affected, but it’s best to assume it is vulnerable and to be cautious with subtitles.

4:55pm An issue with v17.2 caused add-ons to go missing, so v17.3 has been released with the issue fixed. You can use the short URL bit.ly/kodi173 in my Downloader app to update.

ShareTweetShare+1

24 comments
  1. TechyChris says:

    Does this security issue affect SPMC as well?

  2. Joe says:

    What’s the worst somebody can do to the firestick?

    • Jared says:

      The Firestick runs Android, so if the malware writers are taking that into account, it could turn your Firstick into a zombie or worse.

      • aross1976 says:

        i have 2 rooted fire sticks rooted with kingoroot the other day i went to turn on OTG and i noticed that one of them had lost root it has kodi 16.1 on it
        i am baffled as to how it lost root, maybe this has something to do with it because i did not update, updates are blocked

  3. Kevin Wyman says:

    Good to know. I just tried this add-on after updating and it works pretty well. Still getting used to the Kodi interface and not sure why I’d use Kodi over the main interface.

    http://forum.kodi.tv/showthread.php?tid=312858

    [Image: 5PNp0ybZHw8G9Uejq9dSHNGxITOezOJyifDY3sHp…oaoaQ=w300]
    Latest Relase 2017.5.17 Found in The Official Kodi Repo and My repo
    *Requires a PS Vue subscription

    Features
    Timeline
    My Shows
    Favorite Channels
    Live TV
    Sports
    Kids
    Recently Watched
    Featured

    Supports
    Multiple Profiles
    2-Step Verification

    *Please report any bugs, accompanied by a log file http://kodi.wiki/view/Log_file/Easy

  4. Y314K says:

    They must of found a new bug since Kodi is up to version 17.3 now.

  5. John C says:

    Would be much better to simply update the original post headline and text to advise on the correct update being 17.3 — and not just leave that as a footnote underneath the now-outdated 17.2 headline and original post text.

    I started to download the 17.2 version and only caught the change to 17.3 midway thru the 17.2 download. Having the wrong 17.2 info remain in the headline and main text of your post just creates confusion and the likelihood of wrong installs.

    • AFTVnews says:

      I agree there is definitely confusion, especially if someone doesn’t read the entire post before going to update. I try as much as possible to not edit a post, but instead add to it, so the original stays preserved for those who want to see the update progress. That is why I did it the way I did. I will add an update about 17.3 to the title though, since that should help alleviate confusion.

  6. derrick says:

    VLC does the actual playing of my local media far better than Kodi in my experience. Kodi stutters, lags, the search isn’t great. Outside of the add ons, at least on my firetv 2, i’ve found kodi just ok.

  7. Ichijoe says:

    Really though was this even an issue for those of us not running a Win-Tel x86-64?! I’m probably being ignorant here, but with all my “Playing” Devices being firmly in the ARM camp. Somehow I’m, just not feeling the urgent need to update, as I would say if this were a Windows, or possibly Linux Desktop version.

  8. Mike says:

    Does this flaw affect only those who are running Kodi on a computer?

  9. JRIH says:

    Have updated on FireTV to v 17.2 and then 17.3. With both versions, now when I enter or exit KODI, I get a dialog box stating my connection to the internet has been lost for about 5 seconds, then it comes back again. Anyone else having this issue? Never had it when on Jarvis v 16.2.

  10. MLB says:

    Upgraded my FireTV to Kodi 17.3 and got non-responsive add-ons and lots of crashes. Went back to Kodi 17.1 – no more issues. Seems like Kodi 17.3 is a bad release.

  11. Vinay says:

    I am a bit worried to update as it might mess up all my settings favourites and skin settings like amber settings. As anyone tried?

    • JRIH says:

      Vinay … when I updated from 16.2 to 17.2 & then 17.3, everything stayed the same, none of my settings, favorites, addons, etc. were lost.

      • Vinay says:

        Yes you are right! I upgraded from 16.2 to 17.3 directly and everything seems to be in order. It even fixed some broken add-ons!

Leave a Reply to JRIH Cancel reply

Your email address will not be published. Required fields are marked *

*

Get notified of new posts

Enter your email address to receive notifications of new posts by email.