Subtitles, security, and Infuse

Earlier this week, researchers published details of a security vulnerability affecting some desktop apps which could allow malware to be downloaded and installed. A short recap can be found here. Hackers are hiding malware in subtitle files – TechCrunch

We take user safety and security very seriously, and after reviewing the available details can safely say Infuse is not affected by this issue.

For a bit of background, apps downloaded from the App Store (iOS, Apple TV, Apple Watch, etc…) operate within what’s called a ‘sandbox’ which limits the data a particular app can access. Any attempt to access other data, modify the main application executable, or execute a standalone script will trigger an immediate crash without an option to restart the app as the code signature will be broken.

Additionally, recent versions of Infuse use secure https for 100% of external traffic, along with additional safeguards to prevent issues like this should a malicious file somehow make it onto your device through other means.

Of course it’s always a good idea to keep your devices up-to-date with the latest iOS and tvOS updates from Apple as they include important security fixes and improvements. Information on the security content of these releases can be found here. Apple security updates - Apple Support