Earlier this week, Cyberpunk 2077 modders noticed a security issue with the game, as there was a vulnerability that allowed crafted save files to execute rogue code. This would make downloading any modded save file for the game a risky move. Now two days later, CD Projekt Red has released a hotfix.
Yesterday, Cyberpunk 2077 patch 1.12 began rolling out on PC, specifically addressing the vulnerability. The update fixes the buffer overflow issue and updated, more secure DLL files have been added to replace the out of date files.
Hotfix 1.12 is now available on PC!
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
– Fixed a buffer overrun issue.
– Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf
— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
For those who don’t know, the issue came from an old DLL file from 2010, which does not have the same level of security as more recent versions. A modded save file could take advantage of this via a buffer overflow, redirecting a thread to the outdated DLL. From there, an attacker could essentially use the file as an executable to run a virus.
As Eurogamer points out, the problem was first discovered by modder ‘PixelRick’, who came across it while attempting to build a save editor for the game.
KitGuru Says: Given that this issue would turn Cyberpunk 2077 into a backdoor for a cyberattack, it needed to be addressed quickly. Hopefully now the game will remain secure for modders.