Nearly every Blizzard title was susceptible to a major security vulnerability, it was recently revealed.
Google security researcher Tavis Ormandy detailed the vulnerability, saying it was tied to the Blizzard Update Agent. The vulnerability involved a DNS rebinding flaw that would let sites hijack the Agent, allowing them to install malicious files or use network drives connected to a PC running the program.
All Blizzard games (World of Warcraft, Overwatch, Diablo III, Starcraft II, etc.) were vulnerable to DNS rebinding vulnerability allowing any website to run arbitrary code. 🎮 https://t.co/ssKyxfkuZo
— Tavis Ormandy (@taviso) January 22, 2018
The Update Agent was connected to most of Blizzard’s titles, including Overwatch and World of Warcraft.
Blizzard’s been in touch with Ormandy, detailing a “more robust” fix that will apply a Blizzard-only whitelist to the Agent, plugging the security hole.
What do you make of this news?
This article may contain affiliate links, meaning we could earn a small commission if you click-through and make a purchase. Stevivor is an independent outlet and our journalism is in no way influenced by any advertiser or commercial initiative.
