A cybersecurity researcher has recently uncovered a critical vulnerability in the computer game Marvel Rivals, allowing attackers to execute arbitrary code on players. The vulnerability is related to the game’s update mechanism, which fails to verify the authenticity of servers from which patches are downloaded. Additionally, the game launches with administrator rights, further enhancing the severity of the potential attack.
This type of vulnerability, known as Remote Code Execution (RCE), is considered one of the most serious in the realm of information security. With just a connection to the same Wi-Fi network, an attacker could inject malicious code onto a victim’s computer.
The study’s author warns that this type of attack could not only target PC users but also potentially impact game console owners. Theoretically, the vulnerability could be exploited to bypass security measures on systems like the PlayStation 5.
The security flaw in video games continues to be a pressing issue. Many developers are slow to address vulnerabilities, with most large gaming studios lacking bug bounty programs. The researcher reveals having identified at least five critical vulnerabilities in popular games over the past year, three of which remain unpatched due to developer indifference or communication challenges.
The disregard for cybersecurity in the gaming industry has led enthusiasts to create unofficial exploits, bots, and cheats, ultimately undermining the integrity of the gaming ecosystem. Nevertheless, some developers actively engage with the security community and incentivize the reporting of vulnerabilities through reward programs.