Earlier today I stumbled across this interesting piece at News.com regarding a vulnerability in the Unreal engine. It's an unusual place to find a vulnerability, to say the least, which is just as well, considering the way Epic handled it.
Apparently PivX, the company that discovered the bug, contacted Epic in November, at which point Epic did... absolutely nothing. Growing tired of this, PivX finally released a statement about the problem last week. Considering that the informal rule is to give a company a month to fix the bug, you can hardly blame them.
But wait, it gets better! Epic's vice-president Mark Rein was quoted saying that PivX's statements were "slanderous" and Epic was going to talk to its attorneys. Niiiiice. Epic's president Tim Sweeney apparently then stepped in, accepted full responsibility for the delay on behalf of Epic, and contradicted the earlier talk of lawsuits.
Of course, while concentrating on the whole soap opera who said what aspect, News.com apparently didn't feel the need to mention niggling little details like when we might expect a patch, what games were affected, or what effect the exploit would have on a machine running one of those games. Fortunately, they at least linked to the PivX advisory on the subject, which indicates a fairly serious problem.
It looks like pretty much every Unreal-engine game from Unreal forward is affected, be it running on Win32, Linux or Mac. The exploit allows the bad guy to launch DDoS attacks against other Internet addresses, as well as execute arbitrary code on the compromised machine. I poked around but couldn't find any information on forthcoming patches; if you know anything more, feel free to comment.
|Acer details specs and prices of its Ryzen Mobile-powered Swift 3s||9|
|Google Project Tango is dead—long live ARCore||10|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||24|
|Aerocool's Project 7 P7-C1 Pro case reviewed||8|
|Antec P110 Silent touts quiet looks and quiet operation||11|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||19|
|Monkey Day Shortbread||15|