This game’s chat could have been used to spread malware.
Have you ever played a MMORPG? A Massively Multiplayer Online Role-Playing Game is more than just a mouthful. They can be addicting. Running through a world to complete your quests, while surrounded my other players, and sometimes working with other players, can be much more fun than playing by yourself. One necessary aspect of MMORPG’s is an in-game chat. How else are you supposed to interact with other players?
Unfortunately, one of those MMORPG’s had to disable their own chat this last week. The game was Tera, by publisher En Masse Entertainment. Tera has been running since 2011 and has over 26 million registered players. So why did they have to disable their chat? Because their chat client was vulnerable to malware attacks.
Reportedly, a Reddit user discovered a vulnerability in the chat client thanks to the clients use of HTML. With this vulnerability, players could do a variety of unwelcomed actions. From sharing external images, crashing the game client, and most importantly, perform remote code execution, which means the chat client could be used to distribute malware.
Luckily, the game developers did the right thing and immediately took down the chat function of the game. This probably frustrated some players, but once the vulnerability had been made public, every player was at risk.
A hotfix has since been put in place, and the chat is currently safe to use, as the company is reviewing the chat function. Players can likely expect a new type of chat to appear in the game soon.
It does not appear that this vulnerability had actually been exploited at any time, and users should feel good knowing that once the vulnerability was found, the game developers were quick to protect their users.
source: PC Mag