Subtitle files can be abused for hijacking the device you are using to watch movies on
A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications such as VLC, Kodi, Stremio and Popcorn Time, which can be exploited by hackers to hijack “any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device” with malicious code inserted into the subtitle files.
▻http://thehackernews.com/2017/05/movie-subtitles-malware.html
The vulnerabilities reside in the way various media players process subtitle files and, if exploited successfully, could put hundreds of millions of users at risk of getting hacked.
As soon as the media player parses those malicious subtitle files before displaying the actual subtitles on your screen, the hackers are granted full control of your computer or Smart TV on which you ran those files.
▻http://blog.checkpoint.com/2017/05/23/hacked-in-translation
Our researchers were also able to show that by manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a Man in the Middle attack or requiring user interaction.