Once we fully understand the nature of the incident, we will provide an update with additional information. We are currently investigating the root cause. Rest assured that video.js is once again safe to load.
The files were repaired at 7:15am PDST and completed propagation to CDN edge caches around the world at 7:51am PDST. It has been determined that the files were originally modified at 4:30am PDST.
#Inetwork that once had vjs install#
Potential Impact: Any browsers that loaded the affected files during the compromised period may have prompted users to install malicious software on their computers. Users who host their own copy of Video.js were also not affected. 4.1.0/video.js) were affected, and neither was the latest version (4.2). We quickly reverted to safe versions of the video.js file, and took steps to ensure that the issue could not reoccur. The malware has been identified to be a variant of .1932 or. The file was changed to contain malicious code that would attempt to install malware on any Windows or Macintosh computer that loaded the video.js file. On the morning of Septemat 6:25am PDST, we discovered that certain versions of video.js being served from our content delivery network (CDN) had been modified by an unknown attacker. The original source of this event was the Sendori Auto-update Hack, which possibly affected millions of people including, unfortunately, an admin of the CDN.
Access to the CDN has been restricted to a few key individuals.The CDN continues to be secure and we have taken significant steps to ensure it never falls under a similar attack again. Unauthorized modification of Video.js CDN files
0 kommentar(er)
