Respawn says Titanfall 2 exploit that led to panicked uninstalls probably isn't that serious


Earlier today, players in Discord communities and on Steam forums began warning that Titanfall 2 had been compromised by a bug allowing "local code execution from the server", and advising everyone to uninstall it. The @Titanfall4Ever Twitter fan account urged players not to launch the game and even to delete it to be safe.

Respawn has since begun investigating the claim, and says it doesn't think there's anything serious to worry about, although someone may be able to use the exploit to crash your game until a fix has been deployed.

Servers for both Titanfall games have long been plagued by attacks that Respawn has so far been unable to fix, rendering the first game essentially unplayable. Hackers targeted Titanfall as well as Apex Legends as part of a bizarre scheme to revive a free-to-play spin-off. You can see why players would be concerned enough to investigate this security flaw themselves.

According to a player named Blueghost, the problem was due to a "size cap" on a temporary file used for game invites. "If the username of the person who invited you is larger than that size cap, it'll start overwriting other files to save the name," Blueghost wrote. "Once it gets outside of that specific temporary file, though, your computer starts treating it as executable code instead of a username." 

This kind of buffer overflow vulnerability is fairly common in software, and Source Engine games like CS:GO, Portal 2, and Team Fortress 2 were affected by a similar exploit in 2017. The suggestion that you should immediately uninstall Titanfall 2 because of the bug, however, may have been premature.

"Our engineers believe that we're dealing with a simple exploit that can be used to crash games," Respawn said on Twitter. "We do not believe there are any more serious risks to affected players or their machines."

Respawn's director of communications Ryan K. Rigney was a little more frank, indirectly calling the claims "bullshit" when he said, "Today I learned about Brandolini's law: The amount of energy needed to refute bullshit is an order of magnitude larger than to produce it." 

The original tweet from @Titanfall4Ever, which declared that everyone should "delete Titanfall 2", has itself been deleted, and the account thanked Respawn for investigating the issue. "Update: you don’t need to uninstall the game", it said.

Jody Macgregor
Weekend/AU Editor
