Earlier today I stumbled across this interesting piece at News.com regarding a vulnerability in the Unreal engine. It's an unusual place to find a vulnerability, to say the least, which is just as well, considering the way Epic handled it.
Apparently PivX, the company that discovered the bug, contacted Epic in November, at which point Epic did... absolutely nothing. Growing tired of this, PivX finally released a statement about the problem last week. Considering that the informal rule is to give a company a month to fix the bug, you can hardly blame them.
But wait, it gets better! Epic's vice-president Mark Rein was quoted saying that PivX's statements were "slanderous" and Epic was going to talk to its attorneys. Niiiiice. Epic's president Tim Sweeney apparently then stepped in, accepted full responsibility for the delay on behalf of Epic, and contradicted the earlier talk of lawsuits.
Of course, while concentrating on the whole soap-opera, who-said-what aspect, News.com apparently didn't feel the need to mention niggling little details like when we might expect a patch, what games were affected, or what effect the exploit would have on a machine running one of those games. Fortunately, they at least linked to the PivX advisory on the subject, which indicates a fairly serious problem.
It looks like pretty much every Unreal-engine game from Unreal forward is affected, be it running on Win32, Linux or Mac. The exploit allows the bad guy to launch DDoS attacks against other Internet addresses, as well as execute arbitrary code on the compromised machine. I poked around but couldn't find any information on forthcoming patches; if you know anything more, feel free to comment.