Respawn ‘investigating’ possible security vulnerability in Titanfall 2
Respawn Entertainment is “aware of reports” of and “investigating” a possible security vulnerability in Titanfall 2, the company announced today. The wording on the announcement does not confirm or deny the breach. Respawn has “no other information to share at the moment,” according to the tweet, but will update fans if new information comes up.
The Twitter statement comes hours after a user alleged that Titanfall 2 servers were compromised. The warning originated from the NoSkill community Discord, a server dedicated to a Titanfall modding community, and claims that “there are reports of a bug in the game that allow local code execution from the server.” This “could leave both your computer and your console vulnerable to exploits,” they wrote.
A user clarified the explanation on the NoSkill Discord, with details about how it could happen and its potential (and harmful) ramifications.
“The temporary buffer that Titanfall uses for game invites has a size cap,” they wrote. “If the decoded username of the person who invited you is larger than that size cap, it’ll start overwriting random memory to store the name. Once it gets outside of that specific temporary buffer, though, your PC starts treating it as executable code instead of a username. And because that is directly on your computer, it could potentially run any program, including malware, on your computer.”
According to another user, the cause of the vulnerability is a “malformed lobby invite” sent to members of the Advocate Network, Titanfall 2‘s default network, to crash their games with a buffer overflow. These overflows “have potential to lead to arbitrary code execution,” the user wrote.
Although there could be security implications from the vulnerability, it’s hard to find reports of users actively being hacked or harmed by the issue as of the time of writing. Hackers might potentially exploit the breach over time, however.
Respawn is investigating the issue and…
