They told me that the bug potentially could not only break in-game systems, but in theory could also be used to access someone's PC, depending on the permissions that Amazon runs New World on. Like they would teach you not to do this in a f*cking high school web dev class." "It's hard to understate how incompetent this is.
"Every developer at Amazon Game Studio should be ashamed of themselves for letting this go live," said an IT Risk Consultant. While Amazon has claimed this is not the case, there is overwhelming evidence and examples of players doing this at this point. New World players discover potentially game-breaking code injection exploitsįor those who missed it, New World players Josh Strife Hayes and Callum Upton discovered on Friday that the text boxes in the game are HTML, and that the text is not sanitized, which in short means you can run client-side code in any text box in the game. Not only is direct code injection possible in every text box in the game, but also the developers appear to be clueless when it comes to fixing the issue. Original Article: We are still learning new things about the potential dangers of the New World exploit that was discovered on Friday, and the situation may be worse than we initially thought.
It still leaves many questions about why their servers take direct user inputs. Update : According to a comment from Amazon on New World forums, New World is not client authoritative, which means your PC should be safe.
0 kommentar(er)
