Check your Fire TV Stick now! Urgent warning issued to all users th…

If you have a Fire TV Stick plugged into your telly then it’s vital that you check it’s fully updated with the very latest software. This urgent warning has been issued by the security experts at Bitdefender, who discovered a number of vulnerabilities that could leave the streaming gadgets open to attack from cyber criminals.

In fact, one of the flaws was so serious it could have resulted in attackers gaining full control of the device – that’s clearly worrying for anyone who uses Amazon’s popular TV tech.

A total of three bugs were found, with the team alerting Amazon of the issues late last year.

The online retailer has now released an urgent patch but it’s vital that users check to make sure things are fully updated to the very latest operating system.

Luckily, it appears that the software release has happened quickly enough to stop any attacks from taking place with no evidence that the issues have been used against customers.

Bitdefender says it has been working closely with the Amazon Fire TV team through all stages of vulnerability disclosure with the firm praising Amazon for its speedy response.

To check your Fire TV is up to date follow these steps.

To update your Fire TV Stick, navigate to Settings > My Fire TV > About and select Check for System Update. If there is an update available, you can install it right away. Your system will restart once it is done downloading.

Vulnerabilities at a glance

• Unauthorized authentication through local network PIN brute forcing. This vulnerability was caused by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that could have resulted in attackers gaining control of the device. (CVE-2023-1385)

• A vulnerability in the setMediaSource function on the service allowed for arbitrary Javascript code to be executed. It could be used to load arbitrary HTTP URLs in the webview. (CVE-2023-1384)

• A vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. (CVE-2023-1383)

Source: Read Full Article