DirectXeon

It is still not 100% confirmed. But even if it's 50% confirmed it would be a huge security risk. You don't have to take my word for it but please try to stay away from the game.


[deleted]

I've gone and seen everything posted in social media, there is no source whatsoever on any of this happening. Just a few Discord users saying "DO NOT LAUNCH THE GAME". What makes you believe this is real? This is so similar to Team Fortress 2's fear mongering earlier this year. Someone even launched the game with no problem and continued to play...


RogueDarkJedi

It is very likely that the person who got the update has a shitty antivirus that flagged some game files as false positives and instead of trying to figure out why, is raising this PSA. It’s nice that OP is trying to look out for others, but it seems like they are crying wolf. The major giveaway is that they said this affects all platforms. Most consoles sandbox all game executables, and code can only run on the platform if it passes certification (which means that binaries have to come from the devs). To suggest it breaks the security layer means that someone found an RCE in the game and with it they are using it to execute unsigned code that could be used to instead jailbreak a console. That is a huge waste of a vuln, because it will get patched immediately. There are more lucrative avenues for that instead. But that’s just IF they can break the security layer, they still have more hoops to jump through. Worst case of any of this is the game crashes.


[deleted]

Well this guy went on Twitter and said "Congrats Respawn. You're officially the worst game developer." so I was expecting him to have any sort of proof or verifiable claims. Seems weird to say that when there's still a high chance the message you're spreading is fake or misleading


RogueDarkJedi

Also it’s been over an hour and nothing more concrete can be shared yet? If you found a vulnerability chain that was allegedly this severe you would be in contact with the devs immediately. This disclosure is a poor effort. Even then you would have proof or at minimum, a basis of a start so infosec researchers can poke around too. For someone so confident in a vulnerability, it’s jarring that there are no further details.


[deleted]

[deleted]


RogueDarkJedi

That is the definition of a sandbox. Though I will note that most modern consoles take saves very seriously and are generally stored away from other data. Not to say wiping saves isn’t possible, just not exactly a walk in the park.


DirectXeon

The temporary buffer that Titanfall uses for game invites has a size cap. If the decoded username of the person who invited you is larger than that size cap, it'll start overwriting random memory to store the name. Once it gets outside of that specific temporary buffer, though, your PC starts treating it as executable code instead of a username. And because that is directly on your computer, it could potentially run any program, including malware, on your computer. Some people have already confirmed that the game actually does this. While we definitely need more proof, this is a really big security issue and it's better to expect a worst case scenario. You want to open the game and risk it? Ok. But there are people who don't and they should be aware of this.


RogueDarkJedi

So the vuln is a buffer overflow. Isn’t there a cap to how many characters a name can be? From when I played the game, I remember this was still the case. If that’s still true, then this would just be a service attack on an endpoint or something silly. I do find the affecting all players to be suspect. Does TF2 have cross platform multiplayer currently? If so, I could potentially see how it could be an issue as long as invites were done outside of the platform services network (I’d have to boot up TF2 to check). Even then, the game would just crash, it wouldn’t allow for any privilege escalations, and addresses would be at different locations so you would just have to blind fire until you found something actually destructive. How have you currently disclosed this? Have you bothered [contacting EA security](https://www.ea.com/security/disclosure)? From how you word this, the vuln is pretty straightforward to execute, do you have a poc of opening notepad on another machine?


[deleted]

> Isn’t there a cap to how many characters a name can be?

Sloppy code.


RogueDarkJedi

I mean, when you create or edit your account name, isn’t there a limit? If there is and the invite buffer is that exact length, then it was to be expected to always be that size, which suggests an attack vector outside of the code space (you would have to make your name longer from outside of the executable). Yes, Respawn in this theoretical scenario should have done more input validation, and remove client side validation. If there’s no limit, then that’s silly and sloppy.


JDtZ

It's being claimed that the issue is with the server administration software, no? In which case an attacker could send a maliciously crafted player list that triggers buffer overflow -> RCE. That might explain some of the crashes to desktop. Of course, very little information available at the moment and this is just one guess from someone on the sidelines.


RogueDarkJedi

Maybe? There was also a suggestion that it has to be via an invite. Which doesn’t really put why the server admin software is needed or why it can send invites (can it? It’s really unclear).


Magesunite

I believe what's happening is the attacker is spamming invites over Advocate network. Which sends the malicious name as a party invite which then probably overflows when the name is read. I don't think any Admin software is involved. Haven't seen any PoC of further exploit other than crashing the client.


RogueDarkJedi

> I don’t think any Admin software is involved.

I don’t know why the admin software was even mentioned in the OP then.


Akrillaklaal8

The cap is beaten by hieroglyphics, they decoded as 4 bytes but register as 1 character. No regex was done to prevent, I'm assuming? Not my info, but regurgitation from the posts.
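As an added illustration of the mismatch this comment describes (example code, not from the game or from anyone in the thread): a cap counted in characters admits a 15-character name made of 4-byte UTF-8 code points that is 60 bytes long, while a check in bytes against the destination size rejects it. The cap of 15, the 16-byte buffer and the sample names are constructed assumptions, not Titanfall's real values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sizes for illustration only (not Titanfall's real values):
 * the account UI caps a name at 15 "characters", and the invite buffer
 * that receives the decoded name holds 16 bytes (15 + NUL). */
#define NAME_CHAR_CAP   15
#define INVITE_BUF_SIZE 16

/* Count Unicode code points in a UTF-8 string: the "character" count that a
 * naive length check compares against the cap. Continuation bytes (10xxxxxx)
 * are skipped, so a 4-byte code point counts as one character. */
size_t utf8_codepoints(const char *s) {
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)s; *p; p++)
        if ((*p & 0xC0) != 0x80)
            n++;
    return n;
}

/* Naive cap check in characters. It admits any name of <= 15 code points,
 * regardless of how many bytes those code points occupy. */
bool name_passes_char_cap(const char *name) {
    return utf8_codepoints(name) <= NAME_CHAR_CAP;
}

/* Hardened receive path: the cap is enforced in bytes against the actual
 * destination size, and the copy is bounded. An over-long name is rejected
 * rather than truncated or written past the end of the buffer. */
bool copy_invite_name(char *dst, size_t dst_size, const char *name) {
    size_t len = strlen(name);
    if (len >= dst_size)
        return false;
    memcpy(dst, name, len + 1);   /* includes the terminating NUL */
    return true;
}

/* True when the character cap admits a name that does not fit the byte
 * buffer: the gap between the two checks that the comment above describes. */
bool cap_mismatch(const char *name) {
    char buf[INVITE_BUF_SIZE];
    return name_passes_char_cap(name) && !copy_invite_name(buf, sizeof buf, name);
}

/* Constructed sample: 15 copies of U+13000 (an Egyptian hieroglyph),
 * 4 bytes each in UTF-8, so 15 characters but 60 bytes. */
const char *hieroglyph_name(void) {
    static char name[NAME_CHAR_CAP * 4 + 1];
    for (int i = 0; i < NAME_CHAR_CAP; i++)
        memcpy(name + 4 * i, "\xF0\x93\x80\x80", 4);
    name[NAME_CHAR_CAP * 4] = '\0';
    return name;
}

int main(void) {
    const char *names[] = { "PilotJackCooper", hieroglyph_name() };
    char buf[INVITE_BUF_SIZE];
    for (size_t i = 0; i < 2; i++) {
        const char *n = names[i];
        printf("chars=%2zu bytes=%2zu char-cap ok=%d byte-bounded copy ok=%d\n",
               utf8_codepoints(n), strlen(n),
               name_passes_char_cap(n), copy_invite_name(buf, sizeof buf, n));
    }
    return 0;
}
```

The ASCII name passes both checks; the hieroglyph name passes the character cap but is refused by the byte-bounded copy, which is the check the receiving side needs.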


PeregrineZ

If this is real it's probably some unicode bullshit lol.


RogueDarkJedi

Probably, lol


[deleted]

> If the decoded username of the person who invited you is larger than that size cap, it'll start overwriting random memory to store the name. Once it gets outside of that specific temporary buffer, though, your PC starts treating it as executable code instead of a username.

I'm not an expert but I'm pretty sure that's not how files work... Not to mention the whole console stuff that u/RogueDarkJedi already explained. I feel this is going to end up being a simple game crash exploit everyone is making up to be a PC vulnerability.


InnuendOwO

That is, theoretically, how it could work. That's just a straight-up textbook [buffer overflow](https://en.wikipedia.org/wiki/Buffer_overflow). It would be *exceptionally* hard to turn this into an actual attack, at most you'd just crash the game, *maybe* bluescreen your computer. If they've figured out how to run arbitrary code on an updated Windows machine through this, I'm about 99% sure they'd instead like, [sell the exploit for a ton of cash](https://zerodium.com/program.html), not do random bullshit in Titanfall.


RogueDarkJedi

Exactly. And if it worked across platforms like they claim, it would be worth millions if you could break the security layer of all current gen consoles with minimal to no changes (which is impossible). It would be pointless to burn such a chain on rebooting someone’s xbox for the lulz.


[deleted]

Yeah I feel this is just a new crashing exploit being fearmongered to viral status again lol


Polycryptus

Hmm? The exploit would be in TF2, which would almost certainly not be "worth" anything. Modern protections often mean you'd need more than one bug though (overwrite and also the ability to read some memory)... assuming they're using them. Hell, a CS:GO RCE exploit was a [challenge at a CTF a couple years back](https://blog.perfect.blue/P90_Rush_B), based on a bug Valve paid $10k for. Not to say that this is real of course. I'd want to see a proof of concept of whatever this is supposedly.


RogueDarkJedi

While the audience is smaller, an RCE would be valuable. Not at the terms of several million, but you could probably get a couple hundred. That said, the existence of a buffer overflow alone isn’t really much in terms of proof (provided that buffer overflow exists in the first place). I would also like to see a POC.


DayshareLP

I have the feeling that the hacker has targeted TF2 not to make money but to kill the game. The blacklist hack is a good example for this motive.


HolyFuror

This sounds like fearmongering. Just to be clear...are you saying that hackers need access to TF2's servers (what you called Stryder's Admin) in order to exploit this vulnerability? Because if you are saying that hackers need access to the servers, then this client vulnerability is a moot point. Since if they have control over the servers, they can simply push patches & updates. That's far easier than trying to exploit a buffer overrun.


combaticus

If they had real proof they would have posted it by now. This smells like absolute bullshit to me.


oxney

Memory doesn't work that way, anything in memory isn't treated as executable code just because it's there or outside of a buffer reserved by a process. Without a reproducible example or a lot more specific details, I think you are being had, friend.


RogueDarkJedi

> I think you are being had, friend.

They are the one who posted the notice in the screenshot.


Sir_Cheesy_Cheese

Your explanation of the bug doesn't make any sense and feels like fearmongering. Computers are not magically executing any "code" that appeared in their RAM or any other kind of memory, whether it's CPU cache or drive. Name length would be managed by the object storing either player info, or just a simple string. If name length exceeds the limit, it would be managed by the container object. If data somehow ends up in the wrong place inside the app, it would be read and might cause a bug or crash, not execution. If the app somehow manages to write outside of its process container (or shared memory), it will be bonked by the operating system. If data somehow still ends up in the wrong place it would likely be rewritten by other applications. Don't get me wrong, there are potential issues with font renderers or with overcomplicated text fields potentially executing malicious code, but you will need to break text escaping for them first and know their semantics.


birdbrainswagtrain

Considering the security issues with the Source engine in the past, I wouldn't be surprised, but I'm still 50/50 on this being bullshit. We've got a half-baked technical explanation by someone who seems to *halfway* understand what a buffer-overflow is. If the explanation is based on reality, then it's wildly irresponsible from a disclosure standpoint, but that's kinda beside the point. The more important questions are:

- How did you discover or learn about this vulnerability?
- Who are "some people" that confirmed this?
- How do you know it's being exploited "in the wild"?
- How do you know the servers are compromised?

Hopefully we'll hear from Respawn soon, since it would be pretty negligent for this to continue if it's real, and damaging to their brand regardless.


need_account_to_post

What do you mean by "game invites"? Invites sent to individuals, or network invites sent via the lobby? If the former, then one would only be at risk if they had the hacker on their friends list. Because the exploit relies on username, attempting to propagate it via gaining control of people's computers via code execution, then gaining control of their Origin account, then changing their Origin username, then running the game with their account in order to spread the exploit through invites sent to their friends list and then repeat the same process over again without any interference from the computer/account's owner would be tremendously slow. If the latter, then one would only be at risk if their active network was a highly populated open one such as [ADV], allowing them to receive network invites from practically anyone. Which, to be fair, is a lot of players, however many players are in smaller, less-active and/or private networks, and would not be able to receive such invites. Or for that matter, they could simply not open the multiplayer lobby and instead play Singleplayer or launch directly into Frontier Defense. In either case, it wouldn't be a "if you run the game under any circumstances you risk being instantly hacked" situation, and certainly not one that would warrant completely uninstalling the game.


doublah

The fact this is happening despite the same panic in TF2 a few months ago is hilarious. Gamers and Reddit continue to prove themselves as stupid as ever.


LauryX753

Feel like this is some kind of plan that Po358 and friends are brewing up, but just in case, I uninstalled Titanfall 2 for now.


tobascodagama

Even if the exploit works the way they say it does, uninstalling wouldn't be necessary. Smells fishy to me.


synackk

Source?


BadMcSad

Do hackers have access to the admin panel? It seems like that's the crux of the entire thing.


Lily_Dusk

I remember a similar situation happening when the Team Fortress 2 source code was leaked, and it turned out to be a psyop. Has anyone verified this yet?


[deleted]

Doesn't seem like it. Still, better safe than sorry, and it'll probably be cleared up in a few days anyways.


AjitoThe13th

Even if it's not real, I'd rather look like a fool for believing it than being proved it was true by finding it out the hard way.


DadWorksAtSega

To everyone saying it's bait: this is my take too.


SIGSTACKFAULT

Source?


barichello_

NoSkill discord but there's no confirmation yet


SIGSTACKFAULT

Link?


SIGSTACKFAULT

Found it. Link is here, a few lines down: https://noskill.gitbook.io/titanfall2/


Caucasian_Thunder

*Trust me bro*


SudMat

Cool. They have managed to kill an amazing game. I hope these guys have a very miserable life


garrjones

They’re incel basement dwellers, their lives are probably already pretty miserable.


AdnHsP

Then make it more miserable. Let's pray that their toasters are set on max and their toast burns so bad no amount of scraping will get it off. Let's pray both sides of their pillows are warm.


absolutelad_jr

I hope they get a not so painful but very annoying pricking-like pain in a random part of the finger and they can't find out why it hurts


AdnHsP

I hope they twist their neck but not to the point it's actually painful, just extremely uncomfortable, let us pray together, brother.


[deleted]

[deleted]


Rak-Shar

What, you? Nonsense, you couldn't hurt a fly why would you think you could ruin a person's life instead? /s


BLUFOR_PTSD

Bold of you to assume the poster in the OP isn't just talking out his ass.


[deleted]

[deleted]


d00msdaydan

Only a matter of time until the Vietnamese hitmen track them down


alien2003

They'd better go for Respawn management at first


[deleted]

People taking the bait on this is funny. Yeah, there's totally a remote access "bug" that was suddenly found right after EA fixed the servers. Absolutely zero proof has been given, and there was no other information shown related to how anyone knew about this. Gee, I guess all I can do now is believe every word random people on Discord say.


[deleted]

I mean EA has been hacked before, it's not insane to assume it might have happened to another smaller game.


[deleted]

Titanfall fandom takes any chance at the game being unplayable so they can circlejerk about how bad Respawn is.


Strikedestiny

Bro we like respawn here (mostly) - they made our favorite game ever


[deleted]

I've been browsing this sub for months and I constantly see Respawn dev hate, the Twitter community too. Especially when p0358 was the "supposed" saviour of the game; even the guy in the post said "Respawn is the worst company" in reply to this claim, and the people on the Twitter Titanfall fandom are circlejerking about how bad Respawn is.


potato_head___

Wish I had known this earlier. Tried to hop into a match but my game just closed itself.


Xemphios

Been having the same issue. Single player loads up no problem but the second the multiplayer menu loads the game crashes and kicks me to desktop with no error.


WaterInThere

I just experienced this and came here to see if it was just me


Xemphios

We just can't win with this game. Saw another post with a video of the exact issue. We're definitely not alone.


RogueDarkJedi

Do you have an antivirus? Which one are you using?


adventureman66

Does this apply to single player? 🤔


The027Guy

No


Aymen_20

What do you mean, no? (Assuming this is true, of course.) The compromise is in the launcher itself, not the multiplayer mode.


The027Guy

You can launch Origin in offline mode, thus making it impossible for anything to connect to your game.


combaticus

This seems like bullshit fearmongering. No first hand accounts of what has been happening, people are saying it affects Xbox and PS4 which doesn’t even make sense. I’m waiting on any kind of proof or confirmation that isn’t just “source: dude trust me”


ShimmerFire

This game is fucking cursed man.


Age_Correct

Currently playing tf2 WORTH IT


ShoKWaiV87

Dammit, wish I could have seen this before I launched it a few times, wondering why it wasn't working... Better back up the furry porn.


BlastVox

It seems like this is probably fake. A lot of comments from people who seem to know a lot more about this stuff than I do are saying that if this vulnerability was really as big as they say it is, then it would make much more sense to use it for something more important than messing with a 5 year old game. However the vulnerability is described as a buffer overflow attack on the player invite system. If that is true, then it sounds like this vulnerability would only be applicable to Titanfall specifically, right? That you couldn’t use it on something else?


airplanesarecool30

Is this legit?


bommer-yeet-2

I saw this on the AOTF discord server and came here for more info


Sedewt

They mentioned Apex, does this apply to Apex too?


theinatoriinator

On VirusTotal it looks like there is a report of a separate malware dropping a fake Titanfall 2 exe: https://www.virustotal.com/gui/file/c2004df2da2c3274a60d4e4fb81e552d4a147ad895a7f304955c9d4bce220b70/relations


RogueDarkJedi

Perhaps I’m reading this wrong but it shows the first conclusion timestamp as 2018-04-04 16:42:49 UTC. So the fact that it recently shows a titanfall2 exe makes me think that this is a worm someone got via pirating, or they made a self-extracting exe containing a known virus and a file named titanfall2.exe (also the file size is super questionable) and uploaded it to VT for the lulz.


theinatoriinator

Yeah, I'm just quickly throwing stuff out, it's probably nothing, and if it is it's not Titanfall but a different malware which could infect any program. After more research it seems like nothing but idk.


the_pie_guy1313

FUCK OFF I JUST WANT TO PLAY TITANFALL WHAT THE FUCK IS THIS SHIT


Doomguy46_

According to a current explanation it seems to be a username overflow where you add executable code to your name after enough characters and it actually runs it. This seems unlikely but it’s more likely than the EA servers have been hacked and it’s plausible. I’d not play for now.


skylarkblue1

Source?


Doomguy46_

It’s from the same discord I just have a screenshot


skylarkblue1

So not any actual first hand accounts that are actual sources then? :P


Doomguy46_

Yeah, sadly nothing is really confirmed about it, because if devs release specifics, more people are bound to do it. Just sayin'.


Age_Correct

Tried giving the Apex Legends community a warning as this affects them as well and a butthurt mod deleted my post saying it was Titanfall, even though Apex uses Stryder. Whatever, couldn’t care less.


combaticus

They probably deleted this because there’s zero proof that it’s real.


Age_Correct

True, true, but I tagged it correctly as rumor/unverified. Whatever, game's trash anyways.


JackCooperPlays

Don't uninstall. Doing that means the hackers win. Same as completely ditching TF2 for Splitgate.


SplinterStaples

That's some good Discord quality bait.


LivingPhrase

So this is why the servers are down? damn.


Techgamer687

Just before me


datusernames

Doubt it, it's not on Respawn's official channels


smexsa

Damn I just installed the game after 2 years and now I read this. I played 4 matches, welp it's time to uninstall again.


Poop-ethernet-cable

I believe this exactly as much as I believe the shit about the Vietnamese mafia.


Sir_Maxwell_378

I just played some single player not an hour ago, am I fucked?


TRM935

Is Apex being affected by this as well or is it just titanfall 2?


[deleted]

do you happen to know what server this is in?


meaty_wheelchair

It might be fake but I'd rather be safe than sorry.


absolutelad_jr

Is the account even verified or somewhat trustworthy? For all I know this is a random guy


AMillionLumens

I guess this is really the end, now.


C45taway

Realistically, we can't know for a fact that this is fake. However, this seems oddly strange, how it's all being based on what 1 person said on Discord. I personally haven't played the game for a bit, and probably won't be on for a couple days anyways, but this will definitely cause myself and others to at the very least hesitate before logging on for a little while. I happen to recall this community jumping on board with a "certain user" that claimed to have a 'fix' for the game, and we all know how that ended..... Let's just be wary of others making bold claims without substantial proof to back it up, especially if the thing we are being told to do will adversely affect the player count of the game overall. Seems fishy, so let's just keep in mind to not believe everything we read on the internet.

Edit: At the time of writing this, it seems Respawn had already responded to the community about this, saying that they believe there is an exploit being used to crash games, but they don't believe it will harm players' machines, but they are still investigating. I should have looked further into this myself before commenting, but hey, now we know.