Tuesday, January 23, 2018

News:: Blizzard games were vulnerable to a remote hijacking exploit

Fans of Blizzard games might have dodged a bullet. Google security researcher Tavis Ormandy has revealed that virtually all the developer's titles (including Overwatch and World of Warcraft) were vulnerable to a DNS rebinding flaw that let sites hijack the Blizzard Update Agent for their own purposes. Intruders had to do little more than create a hostname their site was authorized to communicate with, make that resolve to the target of their choice (such as the victim's PC) and send requests to the agent. From there, they could install malicious files, use network drives or otherwise create havoc.

Via: Tavis Ormandy (Twitter)

Source: Chromium.org



via Engadget RSS Feedhttps://www.engadget.com/2018/01/23/blizzard-games-were-vulnerable-to-remote-hijacking-exploit/