Plex, the popular app for organizing and streaming personal media collections, is warning users running certain Plex Media Server versions to update immediately due to a “potential security issue” that was recently patched. Here are the details.
Urgent fix, no details
As reported by BleepingComputer (via Tecnoblog), Plex is reaching out to users running server versions 1.41.7.x through 1.42.0.x, and urging them to update to Plex Media Server 1.42.1.10060 as soon as possible.
The company’s e-mail reads:
Update Your Plex Media Server
Dear Plex user,
We recently received a report via our bug bounty program that there was a potential security issue affecting Plex Media Server versions 1.41.7.x to 1.42.0.x. Thanks to that user, we were able to address the issue, release an updated version of the server, and continue to improve our security and defenses.
You’re receiving this notice because our information indicates that a Plex Media Server owned by your Plex account is running an older version of the server. We strongly recommend that everyone update their Plex Media Server to the most recent version as soon as possible, if you have not already done so.
The new version (1.42.1.10060 or later) is now available to update through your regular server management page or you can download the package from our downloads page (https://www.plex.tv/media-server-downloads/).
Thank you,
The Plex Team
The company hasn’t disclosed any specifics about the vulnerability, and it doesn’t yet have a CVE identifier, both signs that this was a serious and urgent bug fix.
So if you’re running Plex, double-check that your server is fully up to date, as now that the word is out there that a severe bug was fixed, it’s very likely that attackers will try to figure out the vulnerability and exploit it on users who haven’t updated yet.
While Plex has an overall good track record, BleepingComputer notes that it has had issues in the past with remote code execution, which is about as serious as it gets.
So even if you don’t think you’re running versions 1.41.7.x through 1.42.0.x of Plex Media Server, it’s worth double-checking that you’re on version 1.42.1.10060, just to be safe.
Are you a Plex user? Let us know in the comments.
Limited time Mac deals on Amazon
- Mac mini (M4) 16GB/256GB: $499 (17% off)
- MacBook Air, 15-inch, M4, 16GB/256GB: $999 (was $1,199)
- MacBook Pro, 14-inch, M4, 16GB/512GB: $1,299 (19% off)
- Studio Display, Nano-Texture Glass, VESA Mount Adapter: $1,649 (13% off)
FTC: We use income earning auto affiliate links. More.
