I mean it might not be likely that EAC is the cause (The fact this only happened on Apex when dozens of big games use EAC is telling imo) the fact Epic denied it isn’t evidence enough. For all we know, this could be a day zero exploit that Epic isn’t currently aware of.
noevidenz@infosec.pub 7 months ago
There is currently no evidence of an RCE exploit in EAC, and EAC themselves as well as their owner, Epic, have both denied the existence of an RCE in their software.
There’s a video from about a month ago in which ImperialHal and Genburten (on separate occasions) are in a match against the person named in the messages sent by the exploit on Genburten’s machine.
It’s possible that they were in contact with the hacker after that point and that he tricked them into downloading something they shouldn’t have.
Otherwise, it’s also possible that there is an exploit in Apex/Source that the hacker used. He may have been able to get their IP during the public match a month ago and then use it to target them during the competition.
Beyond what was seen during the competition, the hacker was also able to gift thousands of Apex packs to several players (seemingly without paying for them) and was able to get 40+ “bot” players into a single match and to all target an individual player. He also claimed to be able to open crates on another player’s account. These other exploits seem to indicate that he has elevated access to both the server and to multiple APIs, but none of them indicate elevated access to user machines in general.
merthyr1831@lemmy.world 7 months ago
anarchy79@lemmy.world 7 months ago
In other news, Boeing swears their planes are perfectly safe, and any evidence to the contrary lies at the bottom of the ocean.