CVE-2023-24059: 0-day bug in Riot Games Grand Theft Auto V for PC
Riot Games, the video game developer, and publisher confirmed that it has seen its systems being compromised via a social engineering attack.
The company wrote on its Twitter account: “Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained.”
On January 22, a new vulnerability was tracked as CVE-2023-24059 appeared on the MITRE website and is described as “Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.”
Grand Theft Auto V is a 2013 action-adventure game developed by Rockstar North and published by Rockstar Games. It is the seventh main entry in the Grand Theft Auto series, following 2008’s Grand Theft Auto IV, and the fifteenth installment overall.
A first alert came on January 21, indicating that information about the issue started to spread, the confirmation coming when news about the bug appeared in the public space. There is a major vulnerability in the game, hackers/modders can use it to hack your account and maybe even change your game files/files on your PC.
#GTAOnline PC High Alert⚠️
New extreme exploits have appeared allowing cheaters to remotely add/remove/modify your stats and permanently corrupt your account aka ban/delete.
Avoid playing without a firewall rule or playing at all!🚨
Thanks to @HarryGotTaken for notifying. pic.twitter.com/tyh4tCInML
— Tez2 (@TezFunz2) January 20, 2023
“Rockstar is aware and have been logging any affected account before the first mod menu started abusing the new exploits,” Twitter user TezFunz2 added. Also, TezFunz2 issued a temporary fix for account corruption on PC:
- Delete the “Rockstar Games” folder from the Documents
- Reload the game to refresh profile data
At present, there is no more info about CVE-2023-24059.