Update Your Plex Server Now to Fix This Security Vulnerability
Plex has started warning users that they should immediately update their software to patch a newly discovered, yet-to-be-detailed vulnerability. The company took the unusual step of directly emailing users running affected server versions, so it must be a pretty serious one.
The security issue impacts Plex Media Server versions 1.41.7.x through 1.42.0.x. In an email sent to users on Thursday, four days after the patch was quietly released, Plex confirmed the vulnerability was responsibly disclosed through its bug bounty program. According to Plex, "thanks to that user, we were able to address the issue, release an updated version of the server, and continue to improve our security and defenses." However, Plex has remained tight-lipped about the nature and severity of the flaw. As of the time I'm writing this, not even a CVE-ID, the standard identifier for publicly known cybersecurity vulnerabilities, has been assigned.
The company has also not provided any technical details that would clarify whether the bug could allow data exposure, denial of service, or a more severe remote code execution (RCE) attack. This is fine, though. Since it's not a publicly disclosed vulnerability, Plex doesn't want attackers to go poking around possible entry points and potentially coming across the vulnerability by themselves, and it also doesn't want them to know how much, or how little, they can do with it. What they can do, however, is reverse-engineer the update to identify the underlying vulnerability, so you'll want to download it as soon as you can. Once understood, they can develop exploits to target any servers that remain unpatched—you'd be surprised by the number of people who decide to just never update their servers. Seeing how the company felt it necessary to actually email people about it, it's definitely more on the serious side.
Plex has contended with serious security issues in the past, with some having far-reaching consequences beyond its own ecosystem. In March 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a three-year-old Plex vulnerability, identified as CVE-2020-5741, to its catalog of known exploited vulnerabilities. This RCE flaw, if successfully exploited, could allow an attacker to execute arbitrary code on a user's server.
The patched and secure version is Plex Media Server 1.42.1.10060, which is available through the server's built-in update mechanism or directly from the official Plex downloads page. If you have a Plex server, download the update as soon as you can.
Source: Bleeping Computer
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
14 hours ago
- Forbes
The PlayStation 5 Is About To Get A Major Price Increase — Here's When And How Much
Over the course of video game history, more often than not the most expensive time to buy a system is when it first comes out. Early adopters pay a premium. After a year or so on the market, you start to see reasonable discounts at least during sales. Three or four years into a console's lifecycle, it's common now to see a refresh. Maybe PlayStation Slim or Pro, or and Xbox One X or a Nintendo Switch OLED. Prices on the launch models come down more while the brand new model releases at the original, higher price. The current global economy has run havok with tech pricing norms. Now, it's much harder to say whether a video game console will be more expensive at launch or not. The PlayStation 5 released in November of 2020 – nearly five years ago! – and now, almost half a decade into its lifecycle, Sony has announced price increases. The prices for each PS5 model are increasing by $50. This is what that looks like: The price hike is taking place Thursday, August 21st. This means you have today to get out and buy a console if you were hoping to get a PlayStation 5 at current prices. That's not much warning from Sony. 'Similar to many global businesses, we continue to navigate a challenging economic environment," the company said in a blog. "As a result, we've made the difficult decision to increase the recommended retail price for PlayStation 5 consoles in the U.S. starting on August 21.' Sony did not go into detail for the reasons behind the price hike. Inflation, the ongoing trade war sparked by Trump's tariffs, overall global economic uncertainty – take your pick. As of now, at least, PS5 accessory pricing remains unchanged. This is the opposite approach to Nintendo, which raised the cost of accessories but left the Nintendo Switch 2 price the same. FEATURED | Frase ByForbes™ Unscramble The Anagram To Reveal The Phrase Pinpoint By Linkedin Guess The Category Queens By Linkedin Crown Each Region Crossclimb By Linkedin Unlock A Trivia Ladder
Yahoo
a day ago
- Yahoo
Update Your Plex Server Now to Fix This Security Vulnerability
Bug bounty programs are extremely useful to reinforce security in the software we use daily. If you use Plex, a vulnerability has been discovered via said program—and you'll want to update as soon as you get a chance, because it sounds serious. Plex has started warning users that they should immediately update their software to patch a newly discovered, yet-to-be-detailed vulnerability. The company took the unusual step of directly emailing users running affected server versions, so it must be a pretty serious one. The security issue impacts Plex Media Server versions 1.41.7.x through 1.42.0.x. In an email sent to users on Thursday, four days after the patch was quietly released, Plex confirmed the vulnerability was responsibly disclosed through its bug bounty program. According to Plex, "thanks to that user, we were able to address the issue, release an updated version of the server, and continue to improve our security and defenses." However, Plex has remained tight-lipped about the nature and severity of the flaw. As of the time I'm writing this, not even a CVE-ID, the standard identifier for publicly known cybersecurity vulnerabilities, has been assigned. The company has also not provided any technical details that would clarify whether the bug could allow data exposure, denial of service, or a more severe remote code execution (RCE) attack. This is fine, though. Since it's not a publicly disclosed vulnerability, Plex doesn't want attackers to go poking around possible entry points and potentially coming across the vulnerability by themselves, and it also doesn't want them to know how much, or how little, they can do with it. What they can do, however, is reverse-engineer the update to identify the underlying vulnerability, so you'll want to download it as soon as you can. Once understood, they can develop exploits to target any servers that remain unpatched—you'd be surprised by the number of people who decide to just never update their servers. Seeing how the company felt it necessary to actually email people about it, it's definitely more on the serious side. Plex has contended with serious security issues in the past, with some having far-reaching consequences beyond its own ecosystem. In March 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a three-year-old Plex vulnerability, identified as CVE-2020-5741, to its catalog of known exploited vulnerabilities. This RCE flaw, if successfully exploited, could allow an attacker to execute arbitrary code on a user's server. The patched and secure version is Plex Media Server 1.42.1.10060, which is available through the server's built-in update mechanism or directly from the official Plex downloads page. If you have a Plex server, download the update as soon as you can. Source: Bleeping Computer
Tom's Guide
4 days ago
- Tom's Guide
This breakthrough TV tech has Samsung, Sony and Hisense seeing dollar signs — here's why it could beat OLED in one big way
Here's a promise I can keep: In the coming years, you'll be hearing a lot about something called RGB Mini-LED. Recently, several companies unveiled TVs that sport this brand-new display technology, and each of these brands couldn't be more excited about the benefits RGB Mini-LEDs bring to the viewing experience. We're talking brighter pictures, improved contrast, and color volume that very well could exceed what we've seen on the best OLED TVs on the market. Here's everything you need to know about how Samsung, Hisense and Sony are putting their own spin on RGB Mini-LEDs, and why these sets could be the start of a new era in TV tech. While each TV maker exploring post-Mini-LED panel technologies is playing around with different formulas, the basic approach is similar for Samsung, Hisense and Sony. Previous iterations on LED backlighting have revolved around making the LEDs smaller with more controllable zones, thus enhancing contrast. This is why Mini-LEDs are considered the current gold standard for consumer LED TVs. However, in addition to their super-small size, RGB Mini-LEDs have an additional trick up their sleeve: color variation. RGB Mini-LEDs have an additional trick up their sleeve: color variation. Even the best Mini-LED displays on the market today use white LEDs and color filters to produce color. RGB Mini-LEDs, however, tap red-, green- and blue-colored LEDs that can be independently controlled across all dimming zones. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. This hardware upgrade allows for some seriously sensational hues. According to the brands leading the charge, RGB Mini-LED TVs are capable of covering 95% to 100% of BT.2020 (an international standard for color accuracy that industry folks use to measure a display's color production). If OLED TVs are the kings of contrast, an advantage like this would make RGB Mini-LED the undisputed kings of color. To date, even the best, quantum dot-equipped OLED TVs hover around 89% to 92% coverage of the BT.2020 color gamut. Remember: Not all TV brands are leveraging this new tech in precisely the same way. There are key hardware- and software-related differences from one brand's design to the next, and exactly how this new technology is deployed depends on a number of factors. With that in mind, let's take a look at where Samsung, Hisense and Sony stand with their take. Samsung recently unveiled the first of its TVs to bridge the gap between traditional Mini-LED and next-generation Micro-LED with the Samsung Micro RGB TV. Currently, it's only being made available in a 115-inch model, which will set you back a whopping $29,999. Samsung claims that it's capable of covering 100% of the BT.2020 color gamut. That would be higher than any TV I've measured in my ten-year history of testing TVs. The Samsung Micro RGB TV comes with a native 144Hz refresh rate, built-in smart features and Samsung's Vision AI software suite. Similar to the brand's flagship OLED, the Samsung S95F, this Micro RGB TV is dressed with a matte, glare-free finish. Credit where credit is due: Hisense was the first brand to introduce me to this next-generation TV technology earlier this year. Originally, Hisense was calling its take TriChroma LED, but according to recent press materials, this has been swapped out for the name RGB Mini-LED. Originally unveiled at CES 2025, the Hisense 116UX is launching this year in an exclusive, 116-inch version. If you're keeping score at home, that's one inch bigger than Samsung's Micro RGB TV. It'll also be available for the same eye-watering price of $29,999. The 116UX debuts alongside a slightly smaller (but still huge) 100-inch version, the Hisense 100UX. This TV is reportedly hitting shelves at $19,999. Hisense claims that the 116UX can clear 95% coverage of the BT.2020 color gamut. We've already been lucky enough to take a look at the 116UX with our testing equipment, and according to measurements, the 116UX is the brightest commercial TV we've ever tested, easily cracking the 5,000-nit mark in HDR. Of the brands tinkering with this technology, Sony is taking the most time to forge its own path. To date, Sony hasn't officially given a name to its take on RGB Mini-LED, nor has it given a name to the model we saw during a press event in Tokyo earlier this year. For now, at Tom's Guide, we're colloquially referring to the TV as the Bravia 10 and to Sony's take on the technology as Sony RGB LED. Neither of these names are confirmed. Based on what we know, Sony's version of this display operates similarly to that of Samsung and Hisense. Sony says the display covers 90% of BT.2020 and can get as bright as 4,000 nits. Unlike its competitors, Sony is currently planning on debuting this TV sometime in 2026, so we'll have to wait to get more details There's no way around it: Most people can't afford TVs in the $20,000 to $30,000 price range, and while big screens are more popular than ever, 100-inch TVs just aren't practical. But if you're hoping to put a 65-inch RGB Mini-LED TV for your living room, you'll probably have to wait a while. As time moves on, these TV-makers are banking on RGB Mini-LED being brought down to popular sizes, like 75 and 65 inches. Display technology can be tricky to scale down. When it comes to pricey, carefully engineered display hardware, it's much more cost effective to start at larger display sizes before developing a reliable way of manufacturing it at smaller size points. This is why most of these TVs are both gargantuan and expensive. But as time moves on, these TV-makers are banking on RGB Mini-LED being brought down to popular sizes, like 75 and 65 inches. In the meantime, consider RGB Mini-LED to be a bridge between the Mini-LEDs of today and the TVs of the future. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
