PSA: Don't play Dark Souls 3 until a new remote code execution vulnerability is patched

[ad_1]

This new security vulnerability in Dark Souls 3, as outlined on Twitter by user @SkeleMann and in multiple threads, including one pinned by moderators, on the Dark Souls 3 subreddit, seems to operate on the level of full-on malware and could pose a serious risk to anyone playing the game in its online mode. The well-respected Blue Sentinel mod, which has been able to counteract similar, if less serious vulnerabilities in the past, has just been updated to address the issue as of this afternoon.

As of writing, it seems that the newest hack is not disseminating out in the wild—its discoverer has demonstrated the vulnerability on-stream and contacted Bandai Namco, but it does not seem to be the case that hackers at-large have access to it yet. Still, better to be safe than sorry and play in offline mode or with the Blue Sentinel patch.

See more

This is not the first time issues like this have cropped up in Dark Souls 3 multiplayer. In 2016, we reported on hacked items being left in users' games by invaders, corrupting their saves, and I recall a similar issue of hacked items existing in the initial PC release of Dark Souls: Prepare to Die Edition. That persistence across multiple games is also worrying with the upcoming release of FromSoft's Dark Souls successor, Elden Ring. I've seen multiple users speculate that this critical vulnerability in Dark Souls 3 could be present in Elden Ring if it uses the same netcode, but that remains unconfirmed.

We hope to see official word from Bandai Namco soon, but even when this vulnerability gets addressed, it's highly alarming that it could even exist in the first place. All of a sudden, Demon's Souls' official servers being shut down leaving offline play the only option seems like more of a feature than a downside.



[ad_2]

Source link