If you have a Fire TV Stick plugged into your telly then it’s vital that you check it’s fully updated and has the very latest software downloaded. That urgent warning has been issued by the security experts at Bitdefender, who discovered a number of vulnerabilities that they say could leave the streaming gadgets open to attack from cyber criminals.
In fact, one of the flaws was so serious it could have resulted in attackers gaining full control of the device – that’s clearly worrying for anyone who uses Amazon’s popular TV tech.
A total of three nasty bugs were found within the Fire TV operating system with Amazon alerted to the issues late last year.
The online retailer has now released an urgent patch but it’s vital that users check to make sure things are fully updated to the very latest operating system.
Luckily, it appears that the software release has happened quickly enough to stop any attacks from taking place with no evidence that the issues have been used against customers.
Bitdefender says it has been working closely with the Amazon Fire TV team through all stages of vulnerability disclosure with the firm praising Amazon for its speedy response.
To check your Fire TV is up to date follow these steps.
To update your Fire TV Stick, navigate to Settings > My Fire TV > About and select Check for System Update. If there is an update available, you can install it right away. Your system will restart once it is done downloading.
Vulnerabilities at a glance
• Unauthorized authentication through local network PIN brute forcing. This vulnerability was caused by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that could have resulted in attackers gaining control of the device. (CVE-2023-1385)
• A vulnerability in the setMediaSource function on the amzn.thin.pl service allowed for arbitrary Javascript code to be executed. It could be used to load arbitrary HTTP URLs in the webview. (CVE-2023-1384)
• A vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. (CVE-2023-1383)
Don’t forget, if your Fire TV hasn’t been upgraded the vulnerabilities will still be open for attackers to advantage of – so make sure you check your device as soon as possible.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
