Media players in personal computers have serious vulnerabilities that could allow online criminals to attach malicious code and infect computers without the user's knowledge, a researcher said.
As a result, audio and video downloads can be turned into digital weapons that hackers could use to hijack or corrupt computers, David Thiel, senior security consultant with San Francisco-based researcher iSEC Partners, said Thursday.
Thiel, who exposed the flaws on relatively obscure open-source media players during a presentation at the Black Hat hacker conference, said he has found several flaws in popular commercial players. But he declined to provide their brand names because, he says, he is still disclosing the exploits to the companies so they can issue fixes.
He is not aware of any current attacks using the vulnerabilities he has discovered but said they're hard to track.