The Kodi team has just released version 17.2 of their great media player app. They’re still working on the next big release, “Leia” v18, but have release this new intermediate version because it contains an important patch to a security vulnerability that could allow malicious subtitle zip files to access your device.
The subtitle zip file security vulnerability, first discovered by Check Point, can be used to run malicious code on a system. It requires the user to unknowingly load compromised subtitles in a media player, which is not difficult to do since Kodi can access subtitle repositories and download subtitles on the fly. This security hole does not just affect Kodi, but also other popular media players, like VLC, Popcorn Time, and Streamio.
Version 17.2 of Kodi includes a patch for the subtitle vulnerability and also includes other bug fixes. You can download it through Kodi’s website, but the easiest way to update on a Fire TV or Fire TV Stick is to use my Downloader app from the Amazon appstore and enter
4:55pm An issue with v17.2 caused add-ons to go missing, so v17.3 has been released with the issue fixed. You can use the short URL