Kodi 17.2 rolling out with important security fix

If you're using Kodi on your Windows machine then there's an update rolling out that you need to know about. Version 17.2 doesn't add any new features but it does come with some important fixes, including one for a potential security flaw.

From the official Kodi blog:

You may have read in the news that malicious subtitle zip files could potentially infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contact us up front to let us know about this flaw. Our developers fixed this security gap and have added the fix to this v17.2 release.

Older versions won't be getting this patch so the developers are strongly urging Kodi users to make sure they take the latest update. Other things of note in version 17.2:

  • Fix selection after channelgroup switching in PVR guide window
  • Fix handling of gaps that caused eradic behaviour in EPG grid
  • Allow backing out of fullscreen pictures by mapping longpress guesture
  • Quick fix for wake up command not being called in PVR power management
  • Use alternative method to check if platform updates have been installed on Windows
  • Fix possible security flaw in which abused .zip files try to traverse to a parent directory
  • Use the correct ttc font from the video file for subtitles on Windows
  • Detect and delete zero-byte database files which cause crashes

The update is currently pending in the Windows Store for release, but if you're not using this version you'll find it ready to go already on the Kodi downloads page.

Download Kodi from the Windows Store (opens in new tab)

Richard Devine is an Editor at Windows Central. A former Project Manager and long-term tech addict, he joined Mobile Nations in 2011 and has been found on Android Central and iMore as well as Windows Central. Currently you'll find him covering all manner of PC hardware and gaming, and you can follow him on Twitter and Instagram.

  • So this zip bug thing affects Kodi even if it's from the Windows store? What's the point of the Store then. Or am I missing something
  • The Windows store generally protects you from malisuous code, rather than buggy code.
  • You're missing how Kodi works. Kodi itself doesn't have any malicious code in it. What you may be downloading/viewing with Kodi can, and is not subjected to the Windows store. That's similar to the idea, Windows doesn't have a virus in it, but you can go download one if you're not careful.
  • so... at the end of the day W10S is not more reliable than W10PRO because everything depends on the user Nice. Thats why W10S is a fail.
  • That's incorrect. If you had downloaded Kodi directly from them, you would not get the bug fix automatically. If you downloaded it from the Windows Store, the update is automatically applied. Software isn't perfect, but when bugs are found, getting the update in a timely manner is more insecure. Hence, for Kodi, it's better to use the Windows Store version.
  • Yup. Pretty much. You have to wait a few days it seems for the update to go through but it's clearly the best method of delivering it.
  • It stops you downloading crapware. It doesn't protect you against holes in software that need patching.
  • You do understand that W10S does not allow software outside the Store, meaning a user won't run a malicious program accidentally. Buggy software is different from malicious software, and buggy software can be fixed via an update. I don't understand your general statement and why you feel W10S is doomed, sounds like an uneducated comment.
  • You completely misunderstand how software works, that's why YOU are a fail.
  • Uh... No... Just no.
  • Actually, W10S would prevent these malicious ZIP files from working.
  • Thats my understanding too. The kodi will try to launch the exe inside the zip and this will fail.
  • What are you using when you use, say, VLC? You're opening a media file that wasn't delivered from the Windows Store. It's not a total silo, if it was, Kodi wouldn't even be in there because you wouldn't be able to use anything with it. The zip files are how you sometimes apply add-ons, in this case subtitles, because they're not built in. There was a hole, someone found it, told the devs, they fixed it. A hole in software is a hole in software. The Windows Store doesn't magically make bugs go away.