Players of the MMO TERA are in an uproar this week because of a newly-discovered exploit with some very serious potential uses, including remote execution of malicious code through the in-game chat. That means – in theory – someone could remotely install malware on your computer simply by being logged in at the same time as you.
These are the best MMOs on PC.
Developers En Masse Entertainment have responded by completely disabling all chat function, aside from guild chat, until the exploit can be properly fixed.
As players on Reddit have lined out, TERA’s chat interface makes use of HTML, which opens up all sorts of potential problems. Sending an external image through could allow someone to collect the IP address of anyone on a server. Alternatively, measures could be taken to crash people’s game clients, or potentially even delete their characters and items.
Most seriously, the exploit could allow code to be executed, including any kind of malware – viruses, keyloggers, spyware, and more. Concerningly, it seems this exploit has been theoretically possible for a very long time – possibly years – and the specifics of its potential impact are only now coming to light.
En Masse say that “as of this time, we have no evidence that the vulnerability is being exploited in these ways or that any player information has been compromised.” With chat disabled the issue should be mitigated for now, but proceed with caution if you’ve logged into TERA in recent days.