Why You Need to Update Your Plex Server ASAP

If you use the Plex media server, you may need to update it right now to fix a serious security vulnerability. Late last week, the company notified some users of a vulnerability affecting Plex Media Server versions 1.41.7.x through 1.42.0.x, and urged recipients to download the patch as soon as possible.
Why You Should Pay Attention to This Plex Security Issue
As Bleeping Computer reports, Plex has encountered a number of critical and high-severity bugs in the past, but rarely warns users about specific vulnerabilities and urgent updates, so this bug is likely quite serious.
One of Plex’s actively exploited security vulnerabilities was the cause of a massive LastPass data breach in 2022. A remote code execution vulnerability, designated CVE-2020-5741, allowed attackers to gain access to the Plex account of a LastPass engineer who had not updated his software with the appropriate patch. As a result, the attackers were able to install a keylogger to steal the employee’s credentials, giving them access to the company’s LastPass vault. According to Plex’s statement on the incident, the version running on the engineer’s server was “about 75 versions ago.”
Plex has not provided any additional information about the vulnerability or assigned a CVE identifier, so it is unclear what exactly the vulnerability is. Some users have received an email describing a “potential security issue affecting Plex Media Server versions 1.41.7.x–1.42.0.x” that was identified through a vulnerability research program. The email also stated, “We strongly encourage everyone to update their Plex Media Server to the latest version as soon as possible if you have not already done so.”
The fix for this latest vulnerability is Plex Media Server version 1.42.1.10060 (or later), which you can get through the server management page or from the company’s downloads page.
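If you look after more than one server, the version range and fixed build quoted above can be turned into a quick inventory check. The following is an added example, not code from Plex or from the original article; the host names and version strings are constructed, and it assumes the version string has four numeric parts with an optional build-hash suffix.

```python
import re

# Values taken from the article: 1.41.7.x through 1.42.0.x are affected,
# and 1.42.1.10060 (or later) contains the fix.
AFFECTED_MIN = (1, 41, 7)
AFFECTED_MAX = (1, 42, 0)
FIXED = (1, 42, 1, 10060)

# Assumed format: four numeric parts, optional "-<hex build hash>" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[0-9a-f]+)?$")


def classify(version_text):
    """Map a Plex Media Server version string to a triage status."""
    m = _VERSION_RE.match(version_text.strip())
    if not m:
        return "unparseable"            # never guess at a malformed string
    v = tuple(int(part) for part in m.groups())
    if v >= FIXED:
        return "patched"
    if AFFECTED_MIN <= v[:3] <= AFFECTED_MAX:
        return "affected"
    if v[:3] < AFFECTED_MIN:
        return "older-than-stated-range"  # the article makes no claim here
    return "below-fix-build"            # a 1.42.1 build earlier than 10060


def triage(inventory):
    """Group hosts by status; inventory maps host name -> version string."""
    groups = {}
    for host, version in inventory.items():
        groups.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in groups.items()}


# Constructed sample inventory (hosts and build hashes are made up).
SAMPLE_INVENTORY = {
    "media-01": "1.41.7.9823-59f304c16",
    "media-02": "1.42.0.10025-0a1b2c3d4",
    "media-03": "1.42.1.10060-4e8b05daf",
    "media-04": "1.40.5.8921-836b34c27",
    "media-05": "version unknown",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "unparseable" or "older-than-stated-range" need a manual look, since the article only states the affected range and the fixed build.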