Earlier, NVIDIA fixed a critical vulnerability that enabled DoS attacks in its GeForce GPU series. This is the second instance of major vulnerabilities striking the gaming world within last one week. As they all come from different functions, there is no one, clear workaround and they can only be fixed through this patch,” the Cisco Talos blog noted. “Users are encouraged to update to the latest version of GOG Galaxy Games here as soon as possible in order to avoid these vulnerabilities.
The helper tool of the client also contained an information disclosure flaw (CVE-2018-4052), whereby attackers could obtain sensitive information which is only available to a root user.
#Gog galaxy malware install#
Steps to reproduce: Install GOGGalaxy ( and try to download a game via the client. It disabled game downloads for GOG Galaxy users. Similarly, the helper tool on GOG for macOS also had a privilege escalation flaw (CVE-2018-4051). Hi guys Malwarebytes started blocking communications with GOG CDN as seen in the Logs below. The privilege escalation flaws could be exploited from the ‘Temp’ directory (CVE-2018-4048), ‘Games’ directory(CVE-2018-4049) and a helper tool(CVE-2018-4050) when GOG Galaxy was installed on Windows systems.Out of this, four were privilege escalation flaws followed by an information disclosure and a denial-of-service(DoS) vulnerability. A total of six major vulnerabilities were identified in GOG Galaxy.It was reported that the version 1.2.48.36 of GOG Galaxy had these issues. Security researchers Richard Johnson and Tyler Bohan of Cisco Talos discovered these flaws existing in the client. GOG Galaxy, a popular gaming client which allows users to buy games and run them on a desktop, was found to have multiple security vulnerabilities. Security researchers from Cisco Talos identified the flaws in this platform.The gaming client was found to have multiple privilege escalation flaws that could allow attackers to overwrite applications and launch arbitrary codes.
0 kommentar(er)
