Marvel Rivals has overcome a couple of difficulties since it was released at the end of last year. This mostly involved improving performance or sorting out technical issues with the breakable environment or individual hero abilities, but now it looks like its security will be the next hurdle the devs need to overcome.
A YouTuber who goes by Shalzuth revealed that he's found a vulnerability in Marvel Rivals that hackers can use as a doorway to take over your PC.
The video details the issue without giving any technical details, which could then be used to harm other players. «Please note, this isn't about fearmongering,» Shalzuth says. «It's about understanding how this class of vulnerability works and why it's so important for game developers to design hotfixes and patch updates in a secure and safe way.» It all apparently started when Shalzuth was playing Marvel Rivals, and he «noticed something odd about how the game updates the cosmetics store» because it does so without a client patch or update. «So I dug a little deeper and realised there's a flaw in how this patch system works,» Shalzuth says. «Originally, it was designed so the game developers could run code to update parts of the game on your device, but there's a flaw that someone can use to execute code on your device.
This is what the security industry calls Remote Code Execution (RCE).» Hackers use RCE vulnerabilities to execute arbitrary code on a remote device, which they can then use to gain full unauthorized control over things like PCs and laptops.
These attacks can then be used to install data-stealing malware, extract important data like passwords, disrupt applications, or install ransomware.