Earlier today, players in Discord communities and on Steam forums began warning that Titanfall 2 had been compromised by a bug allowing "local code execution from the server", and advising everyone to uninstall it. The @Titanfall4Ever Twitter fan account urged players to not to launch the game and even to delete it to be safe.
Respawn has since begun investigating the claim, and says it doesn't think there's anything serious to worry about, although someone may be able to use the exploit to crash your game until a fix has been deployed.
Servers for both Titanfall games have long been plagued by attacks, rendering the first game essentially unplayable, which Respawn has been unable to fix so far. Hackers targeted Titanfall as well as Apex Legends as part of a bizarre scheme to revive a free-to-play spin-off. You can see why players would be concerned enough to investigate this security flaw themselves.
- A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
- An FPS studio pulled its game from Steam after it got caught linking to malware disguised as a demo, but the dev insists it was actually the victim of a labyrinthine conspiracy
According to a player named Blueghost, the problem was due to a "size cap" on a temporary file used for game invites. "If the username of the person who invited you is larger than that size cap, it'll start overwriting other files to save the name," Blueghost wrote. "Once it gets outside of that specific temporary file, though, your computer starts treating it as executable code instead of a username."
This kind of buffer overflow vulnerability is fairly common in software, and Source Engine games like CS:GO, Portal 2, Team Fortress 2, were affected by a similar exploit in 2017. The suggestion that you should immediately uninstall Titanfall 2 because of the bug, however, may have been premature.
"Our engineers believe that we're dealing with a simple exploit that can be used to crash games," Respawn said on Twitter. "We do not believe there are any more serious risks to affected players or their machines."
Respawn's director of communications Ryan K. Rigney was a little more frank, indirectly calling the claims "bullshit" when he said, "Today I learned about Brandolini's law: The amount of energy needed to refute bullshit is an order of magnitude larger than to produce it."
The original tweet from @Titanfall4Ever, which declared that everyone should "delete Titanfall 2", has itself been deleted, and the account thanked Respawn for investigating the issue. "Update: you don’t need to uninstall the game", it said.
