A vulnerability in Blizzard software could lead to major problems for players in WoW, Overwatch, Hearthstone, Diablo 3, or the PC version of Destiny 2. The software from Blizzard can be hacked via JavaScript.
This must be quite embarrassing for Blizzard. Google’s Project Zero security researchers were able to uncover a significant issue with the Battle.net app. Apparently, the software that installs all Blizzard games on PC has a huge security problem.
Blizzard Update Agent is likely to have a vulnerability
Part of the Battle.net app is the Blizzard Update Agent, which runs in the background and usually ensures that games (World of Warcraft, Overwatch, Hearthstone, Diablo 3, Destiny 2) are kept up to date. Patches and updates are downloaded and installed through it.
Through a hacking method known as DNS Rebinding, hackers could exploit this software – simply through JavaScript commands.
Simply visiting an infected website is enough to gain access to the user’s computer. Due to the extensive permissions of the Update Agent, hackers could easily carry out uninstallations and other commands that should actually be reserved for admins.
It has even been proven that through this vulnerability hackers would be able to cause the software to change the paths of downloads and subsequently download malicious files independently.
Blizzard is already working on a solution
Blizzard has been aware of this issue since December. Since then, Blizzard has been working on a solution, which will be implemented with one of the upcoming patches for the Battle.net software.
A temporary hotfix for damage limitation is already in place. Blizzard has now activated a blacklist for such requests, which is intended to temporarily intercept harmful requests.
Until the issue is resolved, you should perhaps avoid unusual sites that others recommend. Although… just don’t visit any unusual sites.
