Untitled Goose Game vulnerability could have let hackers booby-trap your game

BTW

A cybersecurity company says a vulnerability in the highly popular Untitled Goose Game could have let hackers sabotage your save file.

In a Tuesday blog post from New Zealand-based cybersecurity firm Pulse Security, researcher Denis Andzakovic explains how the mechanism for loading a saved game was vulnerable to code execution.

This means that a hacker could alter your save file and convince your computer to run malicious code once the game has been loaded. A hacker would, however, already need to access to your computer and save file to carry out the attack.

Pulse Security notes that it first alerted the game’s developer, House House, to the issue on Oct. 7. The developer responded two days later before releasing a patch for the vulnerability on Oct. 22.

While it’s unlikely that the bug was exploited in the wild, such a vulnerability seems somewhat fitting for a game centered around creating mayhem and chaos.

For those unfamiliar, Untitled Goose Game allows players to wreak havoc on an unsuspecting village and its inhabitants as a mischievous goose.

The game, which sold more than 100,000 copies within two weeks of being released, has since become a cultural phenomenon and spawned a slew of chaotic goose-themed memes.

READ MORE:

H/T Gizmodo

Mikael Thalen

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.