Pulse Security consultant Denis Andzakovic discovered a critical vulnerability in the popular Untitled Goose Game. The Australian developer House House released Untitled Goose Game on September 20 of this year, and the game quickly gained popularity: in the first two weeks alone, more than 100 thousand copies were sold.
“Since Australian developer from House House released the game on September 20, it has inspired countless memes and allowed thousands of people to unleash their inner jackass goose. The wildly popular game allows players to stir shit up in a quaint British town. The appeal of the game hinges on the undeniable fact that geese are jerks and deep down, we all want to be jerks to strangers. It’s cathartic. Honk!”, writes Jennings Brown, senior editor and reporter at Gizmodo, not holding back in describing the game.
However, according to Pulse Security consultant Denis Andzakovic, many people who played Goose were exposed to a code execution vulnerability that potentially allowed hackers to hide malicious code in the game’s save files so that they could run the software without user authorization.
A timeline published by Pulse Security states that the firm informed House House of the vulnerability on October 7th.
The vulnerability exists due to unsafe deserialization in the game's save-game loader. An attacker who controls a victim's save file can have malicious code executed when that save is loaded.
“This exploit only adds an extra dimension of authenticity to the game. If the goose in the game were real and could use a keyboard, it would definitely make the dick move of hacking the Untitled Goose Game. If you’ve been simulating the experience of being a mischievous goose, it’s a good idea to update your shit before someone uninvited crashes the party”, writes Jennings Brown.
On October 22, House House announced a hotfix release. Users are strongly advised to install the update to avoid potential cyberattacks.