iPhone 14 Wish List 'House of the Dragon' Review Xbox Game Pass Ultimate Review Car Covers Clean Your AirPods 'The Rehearsal' on HBO Best Smart TV Capri Sun Recall
Want CNET to notify you of price drops and the latest stories?
No, thank you

Critical flaw found in game software

A hole in the "Unreal" game engine could let attackers take over vulnerable computers.

A security researcher warned Tuesday of a "critical" flaw in a widely used piece of game software that could let attackers take over vulnerable PCs.

Security company Secunia issued a bulletin warning of the flaw in some versions of the "Unreal" game engine, used by numerous PC games. Most game publishers using the engine have already issued patches, however, to plug the hole.

According to the bulletin, malicious hackers could send a string of junk data to the security tool the Unreal engine uses to verify online game servers. Once the security tool was compromised by such a "buffer overrun," the attacker would be able to execute code at will on the machine.

Games affected by the flaw include five versions of "Unreal," all of which are secured by patches released last week, plus shooting games "Postal 2" and "Deus Ex," also fixed by recent patches.

The flaw was discovered by independent security researcher Luigi Auriemma, whose work has played a major role in publicizing online gaming as a possible vector for security threats. Auriemma discovered several flaws in software used by GameSpy, a popular online game-hosting service, and fought with the company to publicize the holes.

As they develop more online capabilities, games have become an increasingly popular avenue for online miscreants. A recently patched flaw in the shooting game "Half-Life" and its popular online offshoots opened a door for denial-of-service attacks, while the GameSpy service and software have been the subject of several security alerts.