this post was submitted on 19 Mar 2024
456 points (92.5% liked)

Technology

59201 readers
3755 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Wow it finally happened. So glad I switched to steam running on linux mint last week. I refused to install helldivers because it wanted to install some no holds barred god level permissions anti-cheat software. Windows 11 was the last straw for me. Good times..

The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, "There is currently an RCE exploit being abused in [Apex Legends]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.

As for players of the tournament, they strongly recommended taking protective measures. "It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet", they said, "perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

you are viewing a single comment's thread
view the rest of the comments
[–] noevidenz@infosec.pub 55 points 7 months ago (3 children)

There is currently no evidence of an RCE exploit in EAC, and EAC themselves as well as their owner, Epic, have both denied the existence of an RCE in their software.

There's a video from about a month ago in which ImperialHal and Genburten (on separate occasions) are in a match against the person named in the messages sent by the exploit on Genburten's machine.

It's possible that they were in contact with the hacker after that point and that he tricked them into downloading something they shouldn't have.

Otherwise, it's also possible that there is an exploit in Apex/Source that the hacker used. He may have been able to get their IP during the public match a month ago and then use it to target them during the competition.

Beyond what was seen during the competition, the hacker was also able to gift thousands of Apex packs to several players (seemingly without paying for them) and was able to get 40+ "bot" players into a single match and to all target an individual player. He also claimed to be able to open crates on another player's account. These other exploits seem to indicate that he has elevated access to both the server and to multiple APIs, but none of them indicate elevated access to user machines in general.

[–] anarchy79@lemmy.world 16 points 7 months ago

In other news, Boeing swears their planes are perfectly safe, and any evidence to the contrary lies at the bottom of the ocean.

[–] merthyr1831@lemmy.world 12 points 7 months ago* (last edited 7 months ago)

Cancel my comment about this being a possible 0day or whatever. They were playing this tournament on their personal systems, which makes it way easier for someone to accidentally download malicious software without players' consent.

[–] PipedLinkBot@feddit.rocks 2 points 7 months ago (1 children)

Here is an alternative Piped link(s):

a video

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] anarchy79@lemmy.world 0 points 7 months ago* (last edited 7 months ago) (2 children)

Who downvotes this? We should be happy we have robots reminding us and taking care of our piracy (lol I meant to write privacy but I'm leaving it)

Just install the fucker on your phone and set it as default (because you DO disable the YouTube app that comes bloated into every phone right? RIGHT?!), then you don't even have to think about it it autoruns all yt links, without ads, age restrictions, cookie naggings, antiadblock whining, and spying on your every single move online.

[–] BURN@lemmy.world 7 points 7 months ago (1 children)

Because it’s super annoying, clogs comment feeds and is unnecessary to be a giant wall of text comment for something ~50% of people don’t care about.

And yes, I use the default YouTube app because it works.

[–] YoorWeb@lemmy.world 2 points 7 months ago

We can always downvote piped bot posts.

[–] merthyr1831@lemmy.world 1 points 7 months ago (1 children)

Some people just dont like bots lmao, weird effect of reddit users migrating over.

[–] conciselyverbose@sh.itjust.works 4 points 7 months ago (1 children)

Any bot that isn't explicitly summoned is spam.

[–] Droechai@lemm.ee 4 points 7 months ago (1 children)

I do love the abbreviation bots though, they should be automatically summoned the first time a new abbreviation is used in a comment tree

[–] conciselyverbose@sh.itjust.works 3 points 7 months ago

That one is actually nice.

I think it should be required to get manually added to a community by moderators still though. Or respond to a summon to a specific thread.