Security hole spotted in Unreal engine

Research firm Secunia warns of a "critical" flaw in a widely used piece of game software.

by

Security company Secunia issued a bulletin warning of the flaw in some versions of the Unreal game engine, which is used by numerous PC games. Most game publishers using the engine have already issued patches, however, to plug the hole.

According to the bulletin, malicious hackers could send a string of junk data to the security tool that the Unreal engine uses to verify online game servers. Once the security tool was compromised by such a "buffer overrun," the attacker would be able to execute code at will on the machine.

Games affected by the flaw include five versions of Unreal, all of which are secured by patches released last week, plus shooting games Postal 2 and Deus Ex, which were also fixed by recent patches.

The flaw was discovered by independent security researcher Luigi Auriemma, whose work has played a major role in publicizing online gaming as a possible vector for security threats. As they develop more online capabilities, games have become an increasingly popular avenue for online miscreants. A recently patched flaw in the shooting game Half-Life and its popular online offshoots, for example, opened a door for denial-of-service attacks.

Discussion

0 comments