Just last week, Ormandy revealed a similar vulnerability in a popular Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them.īy simply creating a DNS entry to bind any attacker-controlled web page with localhost (127.0.0.1) and tricking users into visiting it, hackers can easily send privileged commands to the Blizzard Update Agent using JavaScript code.Īlthough a random website running in a web browser usually cannot make requests to a hostname other than its own, the local Blizzard updater service does not validate what hostname the client was requesting and responds to such requests.īlizzard DNS Rebinding Attack - Proof of Concept Exploit Google's Project Zero team researcher Tavis Ormandy discovered that the Blizzard Update Agent is vulnerable to a hacking technique called the " DNS Rebinding" attack that allows any website to act as a bridge between the external server and your localhost. To play Blizzard games online using web browsers, users need to install a game client application, called ' Blizzard Update Agent,' onto their systems that run JSON-RPC server over HTTP protocol on port 1120, and " accepts commands to install, uninstall, change settings, update and other maintenance related options." Played every month by half a billion users-World of Warcraft, Overwatch, Diablo III, Hearthstone and Starcraft II are popular online games created by Blizzard Entertainment. A Google security researcher has discovered a severe vulnerability in Blizzard games that could allow remote attackers to run malicious code on gamers' computers.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |