Forgiven EA for the SimCity launch fiasco and the Origin vulnerability yet? No? Good, because EA may have yet another mess on its hands. According to Ars Techncia, a bug in the company's free-to-play Battlefield spinoff, Battlefield Play4Free, allows the execution of malicious code on vulnerable systems. The security hole was uncovered at a security conference earlier this month, and here's how it works, in Ars' words:
The webpage used in the exploit opens the game on a victim's computer and instructs it to load a malicious "MOD" file used to customize game settings and features, according to a document the researchers published Friday. Using some nonstandard behavior of a programming interface version found only in older versions of Windows, the MOD file is able to upload a malicious batch file that will be executed the next time the computer is restarted.
Don't rush to uninstall the game just yet—only Windows XP and Windows 2003 are vulnerable, which means anyone who's bothered to upgrade their operating system in the past six years should be okay. Not everybody has, of course. Ars says 39% of Battlefield Play4Free's one million players still run Windows XP.
The site goes on to say EA is "investigating the report" but doesn't have an official statement yet. Considering this is a hole found by security researchers, there's a fair chance it hasn't been exploited in the wild yet, which may give EA some time to address the problem. Hackers can move quickly, though, and the proof of concept is public.
|1. BIF - $340||2. chasp_0 - $251||3. mbutrovich - $250|
|4. Ryu Connor - $250||5. YetAnotherGeek2 - $200||6. aeassa - $175|
|7. dashbarron - $150||8. Captain Ned - $100||9. Anonymous Gerbil - $100|
|10. Bill Door - $100|
|be quiet!'s Silent Base 800 case reviewed||3|
|MSI Aegis Ti wraps up SLIed GTX 1080s in an aggressive shell||30|
|Deals of the week: a Dell G-Sync monitor for $470 and more||11|
|Radeon Software Crimson Edition 16.7.3 serves up the bugfixes||4|
|AMD reveals the full specs of the Radeon RX 460 and RX 470||68|
|Nvidia will pay GeForce GTX 970 owners $30 over memory snafu||48|
|Gigabyte's GeForce GTX 1080 Xtreme Gaming graphics card reviewed||38|
|Microsoft's free Windows 10 upgrade offer ends tomorrow||113|
|ASRock H110M-STX mobo puts the 5x5 platform in builders' hands||15|
|Now you can install Crysis directly on the video card!||+65|