Update Your Plex Server Now to Fix This Security Vulnerability

Bug bonuse programs are extremely useful for strengthening security in the software we use daily. If you use Plex, a vulnerability has been discovered via said program – and you will want to update as soon as you have the opportunity, because it seems serious.

Plex began to warn users that they should immediately update their software to correct a newly discovered vulnerability, but still detailed. The company has taken the unusual measure to send an e-mail directly to users performing affected server versions, which must be quite serious.

The security problem has an impact on the versions of plex media server 1.41.7.x via 1.42.0.x. In an email sent to users Thursday, four days after the release of the correction, Plex confirmed that the vulnerability had been disclosed in a responsible manner via its bonus program of bugs. According to Plex, “thanks to this user, we were able to solve the problem, publish an update version of the server and continue to improve our security and our defenses.” However, Plex has remained tight on the nature and severity of the fault. As I write this, not even a CVE-ID, the standard identifier for known cybersecurity vulnerabilities, was allocated.

The company has also provided no technical details which would specify whether the bug could authorize exposure to data, denial of service or a more severe attack on the execution of remote code (RCE). It’s good, however. As it is not a publicly disclosed vulnerability, Plex does not want attackers to move around possible entry points and potentially reach vulnerability by themselves, and he does not want them either, or how much they can do it. What they can However, is the opposite update of the update to identify the underlying vulnerability, so you will want to download it as soon as possible. Once understood, they can develop exploits to target all the servers that remain not corrected – you would be surprised by the number of people who decide never to update their servers. Seeing how the company seemed necessary to send emails to people on this subject, it is certainly more seriously.

Plex has supported serious security problems in the past, some having deep consequences beyond its own ecosystem. In March 2023, the American Cybersecurity and Infrastructure Safety Agency (CISA) added a three-year plex vulnerability, identified as CVE-2020-5741, in its known vulnerability catalog. This RCE defect, if it is successfully exploited, could allow an attacker to execute arbitrary code on the server of a user.

The patch and secure version is plex media server 1.42.1.10060, which is available via the integrated server update mechanism or directly from the official Plex download page. If you have a plex server, download the update as soon as you can.

Source: Bleeping Computer