Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players.
The exploit, identified as a Remote Code Execution (RCE) vulnerability, allows attackers on the same network to run arbitrary code on another player’s device. This flaw highlights ongoing concerns about security practices in the gaming industry.
The Remote Code Execution Vulnerability
The issue stems from Marvel Rivals’ hotfix patching system, which uses remote code execution to update the game.
However, the system fails to verify whether it is connected to the legitimate game server. Compounding the problem, the game runs with administrative privileges on players’ devices a measure implemented for anti-cheat purposes but one that significantly increases the risk of exploitation.
This combination of insecure server verification and elevated privileges creates a perfect storm for attackers.
A hacker could execute harmful commands on their device without their knowledge by simply being on the same Wi-Fi network as a victim.
RCE vulnerabilities are among the most dangerous in software, as they can grant attackers complete control over a system.
The implications of this vulnerability extend beyond PCs. According to a proof-of-concept video shared by researchers, this exploit could also serve as an entry point for attacks on PlayStation 5 consoles running Marvel Rivals.
This raises concerns about broader platform security and the potential for similar vulnerabilities in other games or systems.
This exploit’s discovery underscores a recurring issue in the gaming industry: inadequate attention to security. The researcher behind this finding expressed frustration over developers’ lack of responsiveness to vulnerability reports.
They revealed that they have identified at least five critical bugs in major games over the past year, three of which remain unpatched due to unresponsive or indifferent developers.
The lack of bug bounty programs in many gaming companies exacerbates this problem. Security researchers are often discouraged from disclosing vulnerabilities responsibly without incentives or clear reporting channels. Instead, some may create hacks or bots, which can be more lucrative but detrimental to the player base.
“It’s very hard for security researchers to report bugs to most game dev companies. On top of that, most do not have bug bounty programs.” Researcher said.
Developers must prioritize verifying server connections, limiting administrative privileges, and establishing clear channels for reporting vulnerabilities. Bug bounty programs, like those successfully implemented by some companies, could go a long way in encouraging responsible disclosure and improving overall game security.
The discovery of this exploit was made possible through collaboration with several contributors, including AeonLucid, LukeFZ, nitro, and sanktanglia, who assisted with network cryptography analysis.
As online gaming continues to grow in popularity, so too does its appeal as a target for cyberattacks. Developers must take proactive steps to ensure their games are safe for players before vulnerabilities like this one are exploited on a larger scale.
#Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s
Author: Balaji NA critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players.
The exploit, identified as a Remote Code Execution (RCE) vulnerability, allows attackers on the same network to run arbitrary code on another player’s device. This flaw highlights ongoing concerns about security practices in the gaming industry.
The Remote Code Execution Vulnerability
The issue stems from Marvel Rivals’ hotfix patching system, which uses remote code execution to update the game.
However, the system fails to verify whether it is connected to the legitimate game server. Compounding the problem, the game runs with administrative privileges on players’ devices a measure implemented for anti-cheat purposes but one that significantly increases the risk of exploitation.
This combination of insecure server verification and elevated privileges creates a perfect storm for attackers.
A hacker could execute harmful commands on their device without their knowledge by simply being on the same Wi-Fi network as a victim.
RCE vulnerabilities are among the most dangerous in software, as they can grant attackers complete control over a system.
The implications of this vulnerability extend beyond PCs. According to a proof-of-concept video shared by researchers, this exploit could also serve as an entry point for attacks on PlayStation 5 consoles running Marvel Rivals.
This raises concerns about broader platform security and the potential for similar vulnerabilities in other games or systems.
This exploit’s discovery underscores a recurring issue in the gaming industry: inadequate attention to security. The researcher behind this finding expressed frustration over developers’ lack of responsiveness to vulnerability reports.
They revealed that they have identified at least five critical bugs in major games over the past year, three of which remain unpatched due to unresponsive or indifferent developers.
The lack of bug bounty programs in many gaming companies exacerbates this problem. Security researchers are often discouraged from disclosing vulnerabilities responsibly without incentives or clear reporting channels. Instead, some may create hacks or bots, which can be more lucrative but detrimental to the player base.
“It’s very hard for security researchers to report bugs to most game dev companies. On top of that, most do not have bug bounty programs.” Researcher said.
Developers must prioritize verifying server connections, limiting administrative privileges, and establishing clear channels for reporting vulnerabilities. Bug bounty programs, like those successfully implemented by some companies, could go a long way in encouraging responsible disclosure and improving overall game security.
The discovery of this exploit was made possible through collaboration with several contributors, including AeonLucid, LukeFZ, nitro, and sanktanglia, who assisted with network cryptography analysis.
As online gaming continues to grow in popularity, so too does its appeal as a target for cyberattacks. Developers must take proactive steps to ensure their games are safe for players before vulnerabilities like this one are exploited on a larger scale.
#Cyber_Security_News #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
