Respawn Entertainment is “aware of reports” of and “investigating” a possible security vulnerability in Titanfall 2, the company announced today. The wording on the announcement does not confirm or deny the breach. Respawn has “no other information to share at the moment,” according to the tweet, but will update fans if new information comes up.
The Twitter statement comes hours after a user alleged that Titanfall 2 servers were compromised. The warning originated from the NoSkill community Discord, a server dedicated to a Titanfall modding community, and claims that “there are reports of a bug in the game that allow local code execution from the server.” This “could leave both your computer and your console vulnerable to exploits,” they wrote.
A user clarified the explanation on the NoSkill Discord, with details about how it could happen and its potential (and harmful) ramifications.
“The temporary buffer that Titanfall uses for game invites has a size cap,” they wrote. “If the decoded username of the person who invited you is larger than that size cap, it’ll start overwriting random memory to store the name. Once it gets outside of that specific temporary buffer, though, your PC starts treating it as executable code instead of a username. And because that is directly on your computer, it could potentially run any program, including malware, on your computer.”
According to another user, the cause of the vulnerability is a “malformed lobby invite” sent to members of the Advocate Network, Titanfall 2‘s default network, to crash their games with a buffer overflow. These overflows “have potential to lead to arbitrary code execution,” the user wrote.
Although there could be security implications from the vulnerability, it’s hard to find reports of users actively being hacked or harmed by the issue as of the time of writing. Hackers might potentially exploit the breach over time, however.
Respawn is investigating the issue and fans should wait for official announcements, particularly on Twitter, to know more.
Update Sept. 8 9:57pm CT: The company is still investigating, but Respawn engineers believe it’s “a simple exploit that can be used to crash games” and “do not believe there are any more serious risks to affected players or their machines,” according to an announcement. We have updated the headline accordingly.
Update Sept. 10 10:01am CT: Respawn “shipped an update to address the game-crashing exploit” and “found no evidence of any more serious vulnerabilities,” according to an official tweet.