STREAMING FILM AND TV SERVICE Netflix users are being targeted by an exploit that executes arbitrary code in Microsoft Silverlight and allows cybercrooks to "do almost anything to their computer".
Found by security firm Malwarebytes, the exploit affects Netflix users by targeting vulnerabilities in Microsoft's application framework Silverlight, which Netflix relies on to work. Malwarebytes told Silverlight users to uninstall Silverlight if they no longer need it, or to update it to the latest version to avoid being targeted.
The vulnerability is exploited by users visiting compromised or malicious websites. The flaw, which exists in Silverlight versions prior to 5.1.20125.0, allows attackers to execute arbitrary code on the affected systems without any user interaction.
"Upon landing on the exploit page, the Angler exploit kit will determine if Silverlight is installed and what version is running," Malwarebytes explained. "If the conditions are right, a specially crafted library is triggered to exploit the Silverlight vulnerability."
Netflix boasts 40 million subscribers worldwide for its paid streaming video service and if you want to watch Netflix on your PC, you need to use Silverlight.
"Those that already have an older version of Silverlight can still watch Netflix and may not be aware that their computers are at risk," warned Malwarebytes.
"We can expect this CVE to be integrated into other exploit kits soon, so it is important to make sure you patch all your machines now."
Malwarebyutes said even if you do not have Netflix installed and have installed Silverlight in the past, simply remove it altogether "as that will help to reduce your surface of attack". µ
Sign up for INQbot – a weekly roundup of the best from the INQ