Update 10:09 UTC, 19/03/24 — the official EOS Status account on X posted this:
We have investigated recent reports of a potential RCE issue in Apex Legends, which we have confirmed to be unrelated to Easy Anti-Cheat. We are confident THERE IS NO RCE vulnerability within EAC being exploited.
Update 16:28 UTC, 18/03/24 — Easy Anti-Cheat release a statement on X:
We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed
So it's likely then that the issue is within Apex Legends directly. Will update when we have more info.
Original article below:
Good Morning. Some interesting industry news for you here, as it seems Apex Legends has something of a hacker problem right now that has even messed up the Global Series esport tournament.
Announced by the official Apex Legends Esports account on X they said:
Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon.
There's a few videos going around (#1, #2) showing mid-match cheats suddenly happening to pro players during the tournament. According to the Anti-Cheat Police Department account on X (a volunteer group):
PSA: There is currently an RCE exploit being abused in @PlayApex. It is unsure whether it comes from the game or the actual anti-cheat (@TeddyEAC). I would advise against playing any games protected by EAC or any EA titles once they have fixed this or can comment. Currently, the RCE is being abused to inject cheats into streamers machines, which means they have the capabilities to do whatever, like installing ransomware software locking up your entire PC.
Even though Linux is quite different to Windows, it's probably still best to avoid Apex Legends until the issue is resolved. While a lot of cheats and most malware / ransomware is designed for Windows - it still pays to be careful.
At time of writing neither EA nor Respawn have put up a statement on it.
This could end up being a problem for Linux and Steam Deck players too. Currently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks. We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.
Article taken from GamingOnLinux.com.
pleasereadthemanual Mar 18
QuoteCurrently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks. We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.I would not be at all surprised if this is exactly what happens. I don't play Apex Legends, but it would be sad to see one of the most popular multiplayer games that works on Linux go that way.
Wine is meant to be compatible with Windows software—including malware. While EAC doesn't have kernel-level access on Linux like it does on Windows, a RCE exploit would still be bad.
Like, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.
Now, however, a virus can much more easily spread on Linux through Steam game binaries (or flatpak etc) because they are readily writable. That's a security compromise to get the free-for-all windows-ism convenience.
And don't get me started on flatpak and the like.
Quoting: ShabbyXLike, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.
I don't understand how that helps. If you as an attacker are able to write on the disk, you only need user privileges to write an executable anywhere under $HOME, mark it as executable and run it. You can even add it to a user-specific startup-script to execute it after each reboot. Is there anything I am missing?
QuoteCurrently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks.And that's anti-cheat in a nutshell.
QuoteWe've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.I'm sure that's what they're angling for. The current industry claim is that Linux is too small of a market but allowing Linux users to play creates masses of cheating that didn't exist otherwise, after all.
Quoting: PenglingMakes me wonder if a lot of the top cheats are made by competing anti-cheat vendors trying to nobble the competition . . .QuoteCurrently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks.And that's anti-cheat in a nutshell.
QuoteWe've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.I'm sure that's what they're angling for. The current industry claim is that Linux is too small of a market but allowing Linux users to play creates masses of cheating that didn't exist otherwise, after all.
Patreon
PayPal
See more from me