All Blizzard Games were vulnerable to a (now-fixed) DNS exploit | PCGamesN


All Blizzard games were, until last night, vulnerable to DNS rebinding. World of Warcraft, Overwatch, and Hearthstone, among others, all put players at risk of exploitation, according to a Google researcher.


DNS rebinding is a form of attack in which a malicious web page causes a visitor's browser to run a client-side script that affects other machines on the visitor's network. According to Google vulnerability researcher Tavis Ormandy, up until yesterday, all Blizzard games were vulnerable to this kind of attack.

Ormandy first reported the vulnerability on December 8, 2017. At that point, Blizzard were using a custom authentication scheme to verify users came from a legitimate source, but Ormandy claimed any website could create a DNS name that was authorised to communicate with Blizzard, in theory allowing any website to send privileged commands.

Ormandy sent his findings, which you can view in their entirety here, to Blizzard on December 9, but the company stopped communicating with him after December 22. The vulnerability has now been patched, and according to a Blizzard developer, a further, more secure update “will deploy soon.”
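A common defence against DNS rebinding is for the targeted service to reject any request whose Host header is not a name it expects, because the browser still sends the attacker's DNS name in that header after the name has been rebound. The sketch below is an added example, not Blizzard's fix or code from Ormandy's report; it assumes a hypothetical HTTP service on the loopback interface, and the port, allowlist and sample headers are constructed.

```python
# Added example: Host-header allowlist for a loopback-only HTTP service.
# ALLOWED_NAMES, SERVICE_PORT and all sample headers are assumptions.
import ipaddress

ALLOWED_NAMES = {"localhost"}   # names the local service expects to be called by
SERVICE_PORT = 8080             # hypothetical listening port

def split_host_header(value):
    """Return (host, port) parsed from a Host header, or None if malformed."""
    value = value.strip()
    if not value:
        return None
    if value.startswith("["):               # bracketed IPv6 literal, e.g. [::1]:8080
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[1:end], value[end + 1:]
        if rest and not rest.startswith(":"):
            return None
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not port.isdecimal():
        return None
    # Normalise case and a trailing root dot; default to port 80 when absent.
    return host.lower().rstrip("."), int(port) if port else 80

def host_is_local(value):
    """True only if the Host header names this loopback service."""
    parsed = split_host_header(value)
    if parsed is None:
        return False
    host, port = parsed
    if port != SERVICE_PORT:
        return False
    if host in ALLOWED_NAMES:
        return True
    try:
        # Accept loopback IP literals (127.0.0.0/8, ::1); reject every other name.
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False
```

A request from a rebinding page arrives on the loopback socket but carries a header such as `rebind.attacker.example:8080`, so the check fails even though the connection itself looks local.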
