CD Projekt Red has released Hotfix 1.12 for Cyberpunk 2077 on PC, fixing a security flaw that was enabled through the modding tools recently made available for the game.
Hotfix 1.12 is now available on PC!
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
– Fixed a buffer overrun issue.
– Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf
— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
The company had earlier this week advised against using mods from “unknown sources” – AKA all mods – after the discovery of an issue that turned them into a security risk. The game would allow external DLL files to be used as a way to execute remote code and… well… do some sneaky hacking. Not the sexy Cyberpunk hacking that exists in the game and role-playing universe, but boring PC hacking where people can exploit your PC and get at your private details and stuff.
Hotfix 1.12 has now been released and fixes this in two key ways:
- Fixed a buffer overrun issue
- Removed/replaced non-ASLR DLLs.
CD Projekt Red simply cannot catch a break right now, with problem after problem following the release of Cyberpunk 2077 in early December – and all the crunch and workplace issues that led up to that, of course.
With lawsuits hanging over them for the shonky state of the game at release and lack of transparency, the company has committed to a string of updates in 2021. The first of these arrived in January, intended to stamp out crashes, bugs, glitches and issues, and to improve performance on base PlayStation 4 and Xbox One (so that they can get Cyberpunk 2077 back onto the PlayStation Store). This forced CDPR to delay the free DLC that was planned for the start of this year, as well as postpone the PS5 and Xbox Series X|S upgrades to later in 2021.
The last thing they really needed was to start introducing new issues, which is exactly what’s happened with mods. It took just a matter of days after the Cyberpunk 2077 modding tools were released for this to be used for swapping character model so that you could have ‘joytoy’ sex with Keanu Reeve’s character Johnny Silverhands. That went a bit far for CDPR’s liking (and probably Keanu’s as well), with the company stepping in and saying that any such use of a real person’s character model must first be authorised by them.
So, uncovering a major exploit through trying to do something nice for the community and then having to scramble to fix it is just another week in the life of CDPR right now…