A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers' computers.
Played every month by half a billion users, World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment.
To play Blizzard games online using web browsers, users need to install a game client application called 'Blizzard Update Agent' on their systems. It runs a JSON-RPC server over HTTP on port 1120 and "accepts commands to install, uninstall, modify settings, update and other maintenance related options."
Google's Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the "DNS Rebinding" attack that allows any website to act as a bridge between the external server and your localhost.
Just last week, Ormandy revealed a similar vulnerability in the popular Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them.
By simply creating a DNS entry to bind any attacker-controlled web page with localhost (127.0.0.1) and tricking users into visiting it, hackers can easily send privileged commands to the Blizzard Update Agent using JavaScript code.
Although a random website running in a web browser usually cannot make requests to a hostname other than its own, the local Blizzard updater service does not validate what hostname the client was requesting and responds to such requests.
Blizzard DNS Rebinding Attack — Proof of Concept Exploit
Ormandy has also published a proof-of-concept exploit that executes a DNS rebinding attack against Blizzard clients and could be modified to allow exploitation using network drives, or setting destination to "downloads" and making the browser install malicious DLLs, data files, etc.
Ormandy responsibly reported the issue to Blizzard in December to get it patched before hackers could take advantage of it to target hundreds of millions of gamers.
However, after initial communication, Blizzard inappropriately stopped responding to Ormandy's emails and silently applied a partial mitigation in client version 5996.
"Blizzard was replying to emails but stopped communicating on December 22nd. Blizzard is no longer replying to any enquiries, and it looks like in version 5996 the Agent now has been silently patched with a bizarre solution," Ormandy says.
"Their solution appears to be to query the client command line, get the 32-bit FNV-1a string hash of the exename and then check if it's in a blacklist. I proposed they whitelist Hostnames, but apparently, that solution was too elegant and simple. I'm not pleased that Blizzard pushed this patch without notifying me, or consulted me on this."
After Ormandy's report went public, Blizzard contacted him and said that a more robust Host header whitelist fix to address the issue entirely is currently being developed for deployment.
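One way a loopback-only HTTP service can apply the Host header allowlist described above, as an added example (not Blizzard's code and not from Ormandy's report); the handler name, the set of allowed names and the JSON-RPC reply are assumptions for illustration. In a rebinding request the browser still sends the attacker's hostname in `Host`, so the check rejects it even though the connection arrives on 127.0.0.1.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

PORT = 1120  # port the article gives for the agent's JSON-RPC listener
# Assumed allowlist: the only names a legitimate local client would use.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def host_allowed(host_header, port=PORT):
    """Return True only if the Host header names this loopback service."""
    if not host_header:
        return False                       # missing Host: refuse
    value = host_header.strip().lower()
    if value.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:1120
        name, sep, rest = value.partition("]")
        name += sep
        if rest and not rest.startswith(":"):
            return False                   # junk after the closing bracket
        port_part = rest[1:]
    else:
        name, _, port_part = value.partition(":")
    if port_part and port_part != str(port):
        return False                       # request was addressed to another port
    return name.rstrip(".") in ALLOWED_HOSTS


class AgentHandler(BaseHTTPRequestHandler):  # hypothetical stand-in for the agent
    def do_POST(self):
        # Validate Host before touching the request body or dispatching anything.
        if not host_allowed(self.headers.get("Host"), self.server.server_port):
            self.send_error(403, "Host header not allowed")
            return
        length = int(self.headers.get("Content-Length") or 0)
        self.rfile.read(length)            # a real agent would dispatch the call here
        body = b'{"jsonrpc": "2.0", "result": "ok", "id": 1}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Bind to loopback only; the Host check covers what binding alone cannot.
    HTTPServer(("127.0.0.1", PORT), AgentHandler).serve_forever()
```
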
Ormandy is also checking other big games vendors with a user base of over 100 million to see if the problem can be replicated.