If you've got a Fire TV Stick plugged into your telly then it is important that you just test it is totally up to date with the very newest software program. This pressing warning has been issued by the safety consultants at Bitdefender, who found quite a few vulnerabilities that might go away the streaming devices open to assault from cyber criminals.

In reality, one of many flaws was so severe it might have resulted in attackers gaining full management of the gadget - that is clearly worrying for anybody who makes use of Amazon's well-liked TV tech.

A complete of three bugs have been discovered, with the staff alerting Amazon of the problems late final yr.

The on-line retailer has now launched an pressing patch but it surely's important that customers test to verify issues are totally up to date to the very newest working system.

Luckily, it seems that the software program launch has occurred shortly sufficient to cease any assaults from going down with no proof that the problems have been used in opposition to clients.

Bitdefender says it has been working intently with the Amazon Fire TV staff by all levels of vulnerability disclosure with the agency praising Amazon for its speedy response.

To test your Fire TV is updated observe these steps.

To replace your Fire TV Stick, navigate to Settings > My Fire TV > About and choose Check for System Update. If there's an replace obtainable, you may set up it instantly. Your system will restart as soon as it's carried out downloading.

Vulnerabilities at a look

• Unauthorized authentication by native community PIN brute forcing. This vulnerability was brought on by improper implementation of the Password Authenticated Key Exchange by Juggling (or J-PAKE) protocol that might have resulted in attackers gaining management of the gadget. (CVE-2023-1385)

• A vulnerability within the setMediaSource operate on the amzn.skinny.pl service allowed for arbitrary Javascript code to be executed. It might be used to load arbitrary HTTP URLs within the webview. (CVE-2023-1384)

• A vulnerability within the exchangeDeviceServices operate on the amzn.dmgr service allowed an attacker to register providers which are solely domestically accessible. (CVE-2023-1383)