A cybersecurity researcher has unearthed a critical vulnerability in the computer game Marvel Rivals, potentially enabling malicious actors to execute arbitrary code on players’ devices. The flaw lies within the update mechanism, which neglects to verify the authenticity of the servers distributing patches. Compounding the risk, the game operates with administrative privileges, significantly amplifying the potential impact of an exploit.
This type of vulnerability, known as Remote Code Execution (RCE), ranks among the most severe in cybersecurity. Mere proximity within the same Wi-Fi network could allow an attacker to inject malicious code onto a victim’s computer.
According to the researcher, this attack vector may jeopardize not only PC users but also console owners. Theoretically, this vulnerability could be exploited on PlayStation 5 to circumvent the system’s security measures.
Security in video games remains a pressing concern. Many developers demonstrate a lack of responsiveness to vulnerability reports, and bug bounty programs are absent in most major game studios. The researcher notes discovering at least five critical vulnerabilities in popular games over the past year, three of which remain unaddressed due to developer apathy or communication barriers.
This disregard for cybersecurity within the gaming industry propels enthusiasts to create unofficial exploits, bots, and cheats, ultimately harming the entire gaming ecosystem. However, some developers actively engage with the security community and implement bug bounty programs.
