[ad_1]
The day after the North American final of the Apex Legends Global Series was postponed due to a mid-match hack against two players, Easy Anti-Cheat issued a statement saying that “there is no RCE vulnerability” in its software that has been exploited to carry out the attack.
The first hack, against DarkZero’s Noyan “Genburten” Ozkose, took place during the third match of the day: he was suddenly able to see all the other players on the map, even through walls, and was eventually forced to abandon the game. game. , although his teammates managed to take second place despite being one man less. The second hack occurred in the next match: TSM’s Phillip “ImperialHal” Dosen suddenly found himself saddled with an aimbot. That match was eventually abandoned and the North American final was postponed “because the competitive integrity of this series is compromised.”
Shortly after, the Anti-Cheat Police Department, a volunteer group that specializes in “gathering intelligence on cheating to detect and disrupt cheating sellers,” issued a statement saying that an RCE (remote code execution) was being abused in the game and that it was unclear “whether it comes from the game or the actual anti-cheat (software).”
Remote code execution exploits allow attackers to run software on remote machines, and it’s bad news: an RCE was responsible for the suspension of PC PvP servers for Dark Souls games in 2022. A similar vulnerability was discovered in GTA Online in 2023.
In this case, as Anti-Cheat PD put it, “RCE is being abused to inject cheats into streamers’ machines, meaning they have the ability to do anything, like install ransomware software that locks down their entire PC.” .
It is not yet known how this attack occurred, but today Easy Anti-Cheat issued a statement denying responsibility. “We have investigated recent reports of a possible RCE issue within Easy Anti-Cheat,” he tweeted. “At this time, we are confident that no RCE vulnerabilities are being exploited within EAC. We will continue to work closely with our partners for any necessary follow-up support.”
What makes the statement even more notable is the fact that it’s the first time Easy Anti-Cheat has tweeted since May 2019. Clearly, the company considers it an important issue, and for good reason: rooting out where the vulnerability, in Easy Anti-Cheat. or Apex Legends itself, is of great importance as it could determine whether this RCE is contained in one game or can potentially be implemented in other games that use EAC, such as Fortnite, War Thunder, Lost Ark, Elden Ring, Battlefield 2042 and Hunt: Confrontation, to name a few.
Reacting to EAC’s tweet, Anti-Cheat PD said that it indicates that the problem lies with the Source engine itself, which Apex Legends uses, and that it could be similar to a vulnerability. detailed in 2021.
Respawn has yet to comment on the hack, so the big questions (how did this happen and what is the risk of playing Apex Legends?) remain unanswered. There’s also no indication at this time as to when the ALGS North American Finals will resume, but it’s fair to assume it won’t happen until Respawn is sure the game is secured. I’ve contacted EA for comment and will update if I hear back.