Multitude of Unreal Engine Vulnerabilities

[TS | Thomas]

Games on all Windows, Linux, & MacOS platforms that implement the Unreal network gaming engine by Epic Games find themselves vulnerable to a laundry list of dangerous exploits. This battalion of vulnerabilities include local & remote DoS, DDoS, Bounce attacks with spoofed UDP Packets, Fake Players, Execution of Malicious Code without size limitations, Unreal URL crash, & more. "Naturally this attack is very very simple, yet very very powerful" explains Luigi. For detailed information please see the full advisory.

Unfortunately Epic games has been slow to respond or produce a fix of any kind for their customers & clients. As documented within the full advisory, Epic & its employees engaged PivX & its researchers in a variable game of 'cat & mouse' over the course of 3 months prior to this release. "Our goal at PivX is to work with committed vendors in creating fixes & pushing them to market in a timely manner. If raising public awareness helps to succeed that goal, then so be it." Says Geoff Shively, Chief Hacking Officer for PivX Solutions.

The full advisory also contains a link to a utility to verify how this affects your Unreal engine game.

 

[Nexxus6]

There goes the neighborhood. UT gaming is going to be a bumpy ride very soon. I wonder if the xbox version suffers from these flaws.

 

[TS | Thomas]

"PivX Labs is working on duplication of these & other vulnerabilities on console platform versions, i.e.: Unreal Championship for XBox."

It probably should affect the console versions too I'd imagine. I mean if Epic haven't really bothered changing the netcode much since 1998 (Beyond performance optimizations - mostly CPU server side & some added features) I can't imagine they'd have done that for consoles. Though I guess with consoles they don't need some of the vulnerable features either so maybe not to the extent that the PC releases are anyway.