Hackers are using subtitles to take control of any device you use subtitles on, YES any device using kodi, popcorn-time VLC including xbmc and other streaming devices using subtitles could put all your devices at risk from hackers!!.
JUST TO BE CLEAR I HAVE NOT ACTUALLY HAD THIS OR TESTED IT MYSELF THIS POST IS JUST A CAUTION THAT THIS COULD HAPPEN
Below is a video demonstrating what happens when you enable subtitles in popcorn-time or kodi, the issue is your antivirus automatically allows subtitles to pass as subtitles are classed as SAFE!! not anymore please be careful guys the below video shows what happens when your device ( kodi devices and other devices ) including laptops, computers, and device that can run kodi is the main reason for this post guys but computers, including laptops, pi’s and many other devices.
As you can see from the video above this is not a good thing. how the hack works is when you the user streams a movie or tv show and enables the subtitles to the desired stream then you select a subtitle file the hackers code is in that file and when you load it, the code activates and sends a connection to the hacker that is sat at their computer waiting for a connection to come through, NOW once the connection is made and the hacker has your screen up on their screen, THEY HAVE FULL CONTROL OF YOUR DEVICE!, yes FULL CONTROL this mean they can get ANYTHING from your device ( including laptop/computers ) anything you have stored on your device the hacker has FULLY access to EVERYTHING!.
The reason the hackers are using this method is all down to security, SUBTITLES are classed as SAFE by anti-virus software including spyware, anyspyware, any security software you have enabled on your device is now at RISK! using this exploit on your devices.
Kodi developers are aware of this exploit and have released a update to fix the security issue mentions but as of the time of this post from the info i have found about it the security issue has only been released in a update as a source code release, i have found nothing on the net just yet to give a full picture on when released for specific devices will get this update.
OTHER POSTS I HAVE FOUND WITH INFO ON THIS
Just click one of the above links to see in more detail info about the subtitle exploit.
Below is a quote from kodi.tv news post on the issue and they have fixed and pushed the update in kodi 17.2
You may have read in the news that malicious subtitle zip files could potentionally infect and harm your media player including Kodi. When Check Point researchers uncovered this flaw they contacted us up front to let us know about this flaw. Our developers fixed this secuity gap and have added the fix to this v17.2 release. As such we highly encourage all users to install this latest version! Any previous Kodi version will not get any security patch. We have began the roll out of this version and Android Play Store as well as Windows Store have this update pending and will roll out as soon as possible. Please be patient if you are using these store versions. Our official download page of course has the regular install files available for the supported platforms.
so as you can see kodi has fixed the known issue in kodi also i have seen posts about vlc fixing it also.