Possible remote code execution exploit in Apex Legends, professional players targeted during tournaments


by dronepicr

Electronic Arts (EA), which operates the battle royale FPS 'Apex Legends,' has announced that it will postpone the North American finals of the official tournament 'Apex Legends Global Series (ALGS).' The postponement follows an incident during the North American finals held on March 18, 2024, in which a professional player was suddenly given a cheat in the middle of a game. It is speculated that the cause was an arbitrary code execution exploit that abused a vulnerability in the anti-cheat tool or game engine used in 'Apex Legends.'

Apex Legends players worried about RCE flaw after ALGS hacks
https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/

Apex Legends postpones competition amid hacking concerns - The Verge
https://www.theverge.com/2024/3/18/24104666/apex-legends-postpones-algs-competition-hack-concerns

During the third game of the ALGS North American Regional Final between DarkZero and Luminosity, a cheat tool called 'TSM HALAL HOOK' suddenly appeared on the screen of Genburten, a player of the DarkZero team. Below is a clip of that scene.

GEN GETS HACKED?????


The cheat allowed Genburten to see the positions of all other players on the map. Genburten was not cheating himself, but he was forced to abandon the game, saying something unusual had happened.



Genburten's chat window displayed logs that appeared to show cheat tools being executed by hackers using the names 'Destroyer2009' and 'R4ndom'.



However, rather than invalidating the match, EA awarded the Luminosity team the victory and sent the finals to a fourth game.



In the fourth match, though, the player ImperialHal was given an aimbot, a cheat that automatically aims at enemies.



Tournament officials then stepped in and decided to cancel the match, with the Apex Legends Esports account announcing that the North American Finals would be postponed until it was safe from outside interference.



Arbitrary code execution is an exploit that lets an attacker run code of their choosing on the target, with whatever privileges the vulnerable component holds. Since the anti-cheat tool 'Easy Anti-Cheat' used in 'Apex Legends' acts as a kernel driver while the game is running, a flaw there could mean execution with kernel privileges, and some people suspected that Easy Anti-Cheat might be vulnerable.

Anti-Cheat Police Department, an X account that warns about cheating, revealed that a person calling himself Destroyer2009, who left his name in Genburten's chat window, said that he had 'exploited a remote code execution vulnerability.' However, Destroyer2009 did not clarify whether the vulnerability was in the 'Apex Legends' client or in Easy Anti-Cheat.



The official Easy Anti-Cheat X account said: 'We have investigated reports of arbitrary code execution in Easy Anti-Cheat. At this time, we are confident that there are no vulnerabilities within Easy Anti-Cheat that could be exploited to execute arbitrary code.'



In response, the Anti-Cheat Police Department pointed out that the flaw may instead be in the Source Engine, the game engine used in 'Apex Legends'. According to the Anti-Cheat Police Department, the possibility of an arbitrary code execution exploit abusing the Source Engine and Steamworks API was raised in 2019. However, this vulnerability was fixed in an update in 2021.



At the time of writing, EA had not made an official statement on the cause of the issue.

Posted by log1i_yk in Software, Video, Game, Security