Plex has warned users to quickly update their Plex Media Server after patching a recently reported security issue affecting versions 1.41.7.x through 1.42.0.x. The flaw was discovered through the company’s bug bounty program, though Plex has not yet provided a CVE identifier or disclosed technical details. Users running outdated versions were directly emailed, urging them to install the fixed release, Plex Media Server 1.42.1.10060, available from the downloads page.
While no exploitation has been reported, experts caution that attackers could reverse engineer the patch to create exploits if users delay updating. Plex rarely sends direct alerts for vulnerabilities, highlighting the seriousness of this case. The company has faced significant security incidents before, including an RCE bug (CVE-2020-5741) that played a role in the LastPass breach and a separate 2022 data breach that exposed user credentials. This latest warning underscores the importance of prompt patching to avoid becoming a target.
Read more...