Plex is strongly advising users to update their Plex Media Server software to the latest version, 1.42.1.10060, to patch a significant security flaw. The vulnerability affects versions 1.41.7.x through 1.42.0.x and could leave servers exposed to potential exploits. The company has been actively notifying users via email about the urgency of this update, a measure it rarely takes, which highlights the seriousness of the issue. While the specific details of the vulnerability have not been publicly disclosed, the fact that it was reported through the company's bug bounty program suggests a credible and potentially severe threat.
The company’s proactive approach in alerting users underscores the importance of applying the patch without delay. Although no CVE-ID has been assigned to this vulnerability yet, users are encouraged to treat this with the utmost seriousness. Now that a fix has been released, threat actors could reverse engineer the security fixes and develop exploits, and servers left unpatched would then be exposed to unauthorized access or other malicious activities. This incident serves as a critical reminder of the importance of keeping all software up to date to mitigate security risks, especially for services that manage personal media collections.
Plex, a popular media server software, allows users to organize and stream their personal video, music, and photo collections to various devices. Its widespread use makes its security a paramount concern for its large user base. The company has a history of addressing security issues, including a past incident where a vulnerability in Plex Media Server was exploited in a high-profile data breach at LastPass. Users can download the latest version from their server management page or the official Plex downloads website to ensure their media servers are protected against this new threat.