author: Bart Swiatek
Cyberpunk 2077 Has a Serious Security Gap [UPDATED]
Modder PixelRick discovered a dangerous vulnerability in Cyberpunk 2077 that, if we install a mod with malicious code, could allow a hacker to take control of a player's computer.
Update:
CD Projekt RED confirmed the existence of the vulnerability described in yesterday's reports and said that the issue will be addressed as soon as possible.
Original message:
IN A NUTSHELL:
- A vulnerability found in Cyberpunk 2077 could enable a hacker to take control of our computer if we install a mod with malicious code;
- The threat also affects the PlayStation 4 console;
- The developers have been informed of the problem.
It seems that mods for Cyberpunk 2077 can take advantage of a dangerous vulnerability that, in theory, may enable hackers to take control of a player's computer when they copy a file with malicious code to the game's directory. The problem was discovered by user PixelRick, who is a member of the Red Tools Team. He informed both the modding community and the developers at CD Projekt RED about his discovery (unfortunately the vulnerability was not addressed in the latest update, although the developers have known about it for a week).
Mods from reliable sources should be safe, but caution is advised when downloading brand new stuff, as well as other users' saved game states. Be especially careful when downloading files from unknown websites or links provided in various comments. Interestingly, the threat may also apply to the PlayStation 4 console (although to a much more limited extent).
Eliminating the vulnerability is really simple - changing one of the values from 511 to 255 is enough - so we can expect that sooner or later we'll get a patch. A temporary solution to the problem might be to install the latest version of the CyberEngineTweaks mod, which you can find on GitHub (of course, you do it at your own risk), but the safest thing to do is to avoid Cyberpunk 2077 mods, at least for some time.