A potentially serious security vulnerability has been uncovered in Marvel Rivals, raising concerns about player safety. While the game has enjoyed considerable popularity since its release, even earning praise for recent developer decisions, it’s not without its share of problems. Beyond optimization issues, unskippable animations, and various bugs, a more alarming flaw has come to light.
YouTuber shalzuth has revealed a security exploit that could potentially give hackers access to players’ computers. Shalzuth was careful to emphasize that his intention isn’t to spread fear, but rather to highlight the importance of secure patching and hotfix development for game developers.
Without divulging the specific technical details, shalzuth explained that the exploit lies within the game’s patching system. This system, designed to allow developers to update the game on players’ devices, contains a flaw that could enable malicious actors to execute code remotely – a serious vulnerability known as Remote Code Execution (RCE).
In a demonstration video, shalzuth set up a test environment using two laptops: his gaming laptop and a travel laptop. Using an “exploit tool” and injecting a Python script, he was able to gain control of the travel laptop as soon as it connected to the Marvel Rivals server. “At this point, my laptop is owned,” he explained, “it’s sending all my passwords to some malicious user.”
Shalzuth also pointed out that Marvel Rivals lacks proper verification methods to ensure players are connecting to legitimate game servers. This, coupled with the game’s use of administrator privileges for anti-cheat purposes, makes it easier for a malicious user to inject Python code.
While this vulnerability is undoubtedly concerning, there are limitations. Shalzuth suggests that the exploit likely requires the attacker and the victim to be on the same Wi-Fi network. This means players in public spaces like cafes and schools could be particularly vulnerable.
