Update 10:09 UTC, 19/03/24 — the official EOS Status account on X posted this:
We have investigated recent reports of a potential RCE issue in Apex Legends, which we have confirmed to be unrelated to Easy Anti-Cheat. We are confident THERE IS NO RCE vulnerability within EAC being exploited.
Update 16:28 UTC, 18/03/24 — Easy Anti-Cheat released a statement on X:
We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed
So it's likely then that the issue is within Apex Legends directly. Will update when we have more info.
Original article below:
Good Morning. Some interesting industry news for you here, as it seems Apex Legends has something of a hacker problem right now that has even messed up the Global Series esport tournament.
The official Apex Legends Esports account on X announced:
Due to the competitive integrity of this series being compromised, we have made the decision to postpone the NA finals at this time. We will share more information soon.
There are a few videos going around (#1, #2) showing cheats suddenly appearing mid-match for pro players during the tournament. According to the Anti-Cheat Police Department account on X (a volunteer group):
PSA: There is currently an RCE exploit being abused in @PlayApex. It is unsure whether it comes from the game or the actual anti-cheat (@TeddyEAC). I would advise against playing any games protected by EAC or any EA titles once they have fixed this or can comment. Currently, the RCE is being abused to inject cheats into streamers machines, which means they have the capabilities to do whatever, like installing ransomware software locking up your entire PC.
Even though Linux is quite different to Windows, it's probably still best to avoid Apex Legends until the issue is resolved. While a lot of cheats and most malware / ransomware is designed for Windows - it still pays to be careful.
At time of writing neither EA nor Respawn have put up a statement on it.
This could end up being a problem for Linux and Steam Deck players too. Currently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks. We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.
Currently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks. We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.
I would not be at all surprised if this is exactly what happens. I don't play Apex Legends, but it would be sad to see one of the most popular multiplayer games that works on Linux go that way.
Wine is meant to be compatible with Windows software—including malware. While EAC doesn't have kernel-level access on Linux like it does on Windows, a RCE exploit would still be bad.
Anyway.
Like, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.
Now, however, a virus can much more easily spread on Linux through Steam game binaries (or flatpak etc) because they are readily writable. That's a security compromise to get the free-for-all windows-ism convenience.
And don't get me started on flatpak and the like.
Like, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.
I don't understand how that helps. If you as an attacker are able to write on the disk, you only need user privileges to write an executable anywhere under $HOME, mark it as executable and run it. You can even add it to a user-specific startup-script to execute it after each reboot. Is there anything I am missing?
Currently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks.
And that's anti-cheat in a nutshell.
We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.
I'm sure that's what they're angling for. The current industry claim is that Linux is too small of a market but allowing Linux users to play creates masses of cheating that didn't exist otherwise, after all.
Makes me wonder if a lot of the top cheats are made by competing anti-cheat vendors trying to nobble the competition . . .
Currently Apex Legends uses Easy Anti-Cheat, which clearly isn't defending against these attacks.
And that's anti-cheat in a nutshell.
We've seen other EA published titles move over to EA AntiCheat, which blocks Linux, so hopefully EAC will combat it and we don't get left with another broken game that moves over to EA's own tech for it.
I'm sure that's what they're angling for. The current industry claim is that Linux is too small of a market but allowing Linux users to play creates masses of cheating that didn't exist otherwise, after all.
Running AC code on boot doesn't make it better either, in fact, that's worse.
RCE is a big issue so I hope it gets fixed, but I won't be surprised if all this is intentional by EA to make easyAC look bad.
Don't know if you've noticed, but recently (as in past decade), a lot of windows-isms have crept into Linux, which provide "convenience" while compromising on what makes Linux actually good.
Like, other than for Steam (and maybe a few downloaded software off the net), you (normal users, not devs) don't really have _executables_ lying around in your $HOME. Before, we were protected from viruses mostly through the mere fact that we don't log in as root (unlike windows), and our executables are only root-writable.
Now, however, a virus can much more easily spread on Linux through Steam game binaries (or flatpak etc) because they are readily writable. That's a security compromise to get the free-for-all windows-ism convenience.
And don't get me started on flatpak and the like.
For the record -and as much as it pains me to admit it- Windows has had much better permission management than Linux for decades now. ACLs are actually usable on NTFS and non-root account has been the default since at least windows XP (you can do "root" actions from your normal account but that requires validation, just like sudo on linux).
Ignorance, convenience (laziness) and widespread use are the reasons so many Windows devices are compromised, rather than the OS itself. There are plenty of valid reasons not to use Windows (privacy, lackluster terminal, drm, ties to online services, ...), so let's not make up fallacious ones which only make us look ignorant.
For the record -and as much as it pains me to admit it- Windows has had much better permission management than Linux for decades now. ACLs are actually usable on NTFS and non-root account has been the default since at least windows XP (you can do "root" actions from your normal account but that requires validation, just like sudo on linux).
How are these Windows permission management features much better than their Linux equivalents? Are there relevant studies, or maybe some solid metrics you used to rank them yourself? Or did you base your claim on something else entirely?
How are these Windows permission management features much better than their Linux equivalents? Are there relevant studies, or maybe some solid metrics you used to rank them yourself? Or did you base your claim on something else entirely?
POSIX ACLs use the group permission as mask, this means non-ACL-aware programs can completely screw up permissions by changing what they believe to be something different. It is also impossible to set a default ACL that allows traversing directories but not executing files. There is also very little support for ACLs, you're pretty much stuck with "setfacl". Meanwhile, on Windows, you get a complete and robust tool by right clicking any file/folder.
It gets worse if you try to manage permissions over a large group of devices. Windows has Active Directory, on Linux you can sort of achieve something similar by slapping together LDAP and a bunch of other softwares but it's nowhere near as complete or easy to setup.
One point on which Linux is more advanced though is containerisation/sandboxing. Going back to the original topic, running steam through some sort of sandbox (flatpak, snap, appimage, firejail) could, in theory, limit the damage a RCE could do (disclaimer: as with all thing security, it's more complicated than just "use this and it's safe" so do your own research).
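The mask behaviour raised in the comment above, as a small Python model of POSIX.1e ACL evaluation (an added example, not code from the thread; the named user `backup` and group `editors` are hypothetical). It does not touch the filesystem; it mirrors what `setfacl`, `chmod` and `ls -l` do to the entries of a file that carries an ACL.

```python
from dataclasses import dataclass, field
from typing import Optional
R, W, X = 4, 2, 1

def fmt(p):
    return "".join(c if p & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

@dataclass
class Acl:
    user_obj: int
    group_obj: int
    other: int
    named: dict = field(default_factory=dict)  # "user:NAME" / "group:NAME" -> perms
    mask: Optional[int] = None                 # exists once a named entry is added

    def setfacl(self, entry, perms):
        """Add a named entry; the mask becomes the union of the group class."""
        self.named[entry] = perms
        self.mask = self.group_obj
        for p in self.named.values():
            self.mask |= p

    def chmod(self, mode):
        """With a mask present, the group bits rewrite the mask, not group_obj."""
        self.user_obj, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is None:
            self.group_obj = (mode >> 3) & 7
        else:
            self.mask = (mode >> 3) & 7

    def ls_mode(self):
        """Permission string as ls -l shows it: the group column is the mask."""
        g = self.group_obj if self.mask is None else self.mask
        return fmt(self.user_obj) + fmt(g) + fmt(self.other)

    def effective(self):
        """Effective rights of each group-class entry: entry AND mask."""
        m = 7 if self.mask is None else self.mask
        entries = {"group::": self.group_obj, **self.named}
        return {k: fmt(v & m) for k, v in entries.items()}

def demo():
    acl = Acl(user_obj=R | W, group_obj=R, other=0)
    acl.setfacl("user:backup", R)        # hypothetical named user
    acl.setfacl("group:editors", R | W)  # hypothetical named group
    snaps = [(acl.ls_mode(), acl.effective())]
    for mode in (0o600, 0o660):          # two chmods by an ACL-unaware tool
        acl.chmod(mode)
        snaps.append((acl.ls_mode(), acl.effective()))
    return snaps
```

After the `chmod 600` every named entry is masked to nothing, and after the `chmod 660` the group column reads `rw-` while the owning group still only has read access.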
For the record -and as much as it pains me to admit it- Windows has had much better permission management than Linux for decades now. ACLs are actually usable on NTFS and non-root account has been the default since at least windows XP (you can do "root" actions from your normal account but that requires validation, just like sudo on linux).
Having had to administrate Windows systems for about 2 decades of my 3 decades in IT, I have to disagree. NTFS/AD permissions are an absolute car crash and since I now work in security, I can also state that an absolutely enormous part of my job is dealing with the fallout of how badly Microsoft failed at "identity" across those decades. Same mistakes over and over - domain admin is now global admin and the cycle of failure repeats.
As for AD vs a "cobbled together LDAP on Linux" - I think if you look under the hood, you'll see that AD itself is a cobbled-together-LDAP. Indeed, the early days of AD, you could assume it was LDAP and just use LDAP strings to query it. Same port, even. Then Microsoft did their whole EEE thing, and now it's its own beast.
Everything has gone further to shit with Entra ID now - instead of juggling multiple ADs onsite, you now have connectors to Azure to handle too. It's a mess. It might feel more intuitive on an estate of 100 or less nodes, but at over 2000 you need IAM tools to manage it, or you're screwed.
God I hate Microsoft products so much. My entire professional life has been cursed to limit their awfulness.
How are these Windows permission management features much better than their Linux equivalents? Are there relevant studies, or maybe some solid metrics you used to rank them yourself? Or did you base your claim on something else entirely?
POSIX ACLs use the group permission as mask, this means non-ACL-aware programs can completely screw up permissions by changing what they believe to be something different. It is also impossible to set a default ACL that allows traversing directories but not executing files. There is also very little support for ACLs, you're pretty much stuck with "setfacl". Meanwhile, on Windows, you get a complete and robust tool by right clicking any file/folder.
It gets worse if you try to manage permissions over a large group of devices. Windows has Active Directory, on Linux you can sort of achieve something similar by slapping together LDAP and a bunch of other softwares but it's nowhere near as complete or easy to setup.
One point on which Linux is more advanced though is containerisation/sandboxing. Going back to the original topic, running steam through some sort of sandbox (flatpak, snap, appimage, firejail) could, in theory, limit the damage a RCE could do (disclaimer: as with all thing security, it's more complicated than just "use this and it's safe" so do your own research).
Okay. I hear you. I'm not convinced that Windows is better at this stuff than Linux, as my experiences differ from yours and so does the research I've read on the subject. I guess these things are complicated enough that people will disagree. And the implementations are certainly different under the hood.
I'm not going to debate this any further, simply because this is too close to stuff I have to worry about at work. Windows is bleak enough to think about even when I'm being paid for it.
I will say that the only relevant thing to this discussion is the security of the typical gaming setup on Linux vs one on Windows. Optional enterprise features aren't going to come into play.