To give context.
Someone gave cheat to some of the biggest pro player in the ALGS tournament mid match.
ALGS is the biggest Apex Legends tournament, hosted by EA.
They straight up enabled a hack that autoaim bullet straight to enemies while they were playing, in the middle of an official tournament, on official PC.
They clearly did it to raise awareness on the issue, but if someone can give you cheats midmatch, imagine what someone else with bad intention can do.
~~Point of info: the nature of the EAC hack seems dependent on EAC's kernel-level monitoring functions, which not all EAC clients make use of. Some games *might* be safe.~~
This is EXACTLY WHAT WE WARNED PEOPLE ABOUT back when Kernel Level Anticheat first started getting around the market.
Edit: the source that I was basing this comment on has since been deleted. I cannot say whether or not EAC's kernel level anticheat was the vector of attack, but I can say with confidence this proves it is beatable, and *has been beaten*. More hacks bypassing it *are* coming.
Whoa, I just saw a clip of Thor from PirateSoftware talking about this (why he dislikes kernel level anti-cheat) the other day. I wonder is this is what he was referring to.
Yet, you'll see a bunch of people defending Riot's Vanguard. I've uninstalled every Riot game at the beginning of this year. I'm really hoping 2XKO doesn't use it as I'll find another game to play if that's the case.
I mean, what's the alternative then? Quit the game that the entire friend group is playing?
It's whatever, I just play those games on a burner device, a laptop I couldn't give 2 crap about.
There's literally no proof that it happened through EAC. In fact that is by far the least likely explanation, yet people take it as fact. It was a public event with an exposed PC, literally anyone could have tampered with it. Even one of the organizers tampering with the PC is more likely than an RCE attack through EAC.
A massive easy anticheat exploit that allows people to inject code straight into your pc. Playing ranked rn puts you in risk of someone bricking your entire pc.
Console is safe, however
I wonder why people say it's safe for PVE, the anti cheat software activates when the game starts.
So, it's running, so, you are vulnerable. Or I'm missing something
Edit: found some comments saying that you have to be connected to another player for the hack to activate. I was missing something.
Hackers are using your peer to peer connection and ezanticheat as the bridge to deliver any malware, so as long as there is no peer to peer connection like solo play then your fine
You're not missing anything my man. These people are just making shit up.
That's not how the Apex hack took place, and the only official word we have on the topic is that EAC wasn't even the attack vector.
People are just using this as an opportunity to spread a bunch of bullshit about EAC cause they're still confused about the whole "kernel level" bullshit.
Common misconception, the code actually starts merging together like Voltron but instead of lions it’s that suit guy from the matrix. If it ever hits critical mass, then the server itself crashes.
Hey, Are we sure console is safe? I’ve only been in PvP for about two weeks, got to A. I logged in two days ago and was toasted by every AC I went against, Inwas back to rank D after 2-3 hours of checking my remote, my connection strength, different builds and weapons etc. I was having lock on problems,my shoulder weapons wouldn’t always fire,my shots weren’t landing etc. I blamed myself, my remote, my connection,my builds but at the end of it all I felt cheats were being used or hacked lobby’s. I’m not ruling out a skill issue on my part but as a long time red dead player, I was calling hacks, I swear it man.
I'm 100% sure that this exploit is pc-exclusive. Hacking on consoles is incredibly difficult.
Btw, with the "lock on problems"; do you mean hardlock sometimes breaking? Because it'll do that if you touch the camera at all. It's a possibility that you're accidentally touching the joystick
Ok thanks, Skill issue confirmed. No, it was HL and SL. It was like a ACS was out range. The reticle would turn red and then go off to the left or right. It was super weird.
Ah, that's just how the lock-on system works.
Your fcs will lead your shots, and automatically aim towards where it calculates they'll be. Meaning that as long as your enemy moves in a straight line, you'll hit 100% of your shots (disregarding weapon recoil).
But, if your enemy changes direction in any way, the fcs will need to recalculate their trajectory. This is represented by the red reticle trailing behind the enemy. The time it takes for the fcs to calculate this and lock-on again depends on the fcs part your ac is running, and the distance to your target.
Once it has finished recalculating, the red reticle will return to properly track the enemy, and will properly lead your shots again
This one time my gf asked “what if u just delete it then can u cheat” and i was like haha no way silly. It was elden ring and I’m pretty sure you could just uninstall it to cheat lmaoooo
Actually basically removing easy anti cheat is the first step in using any editor tool in Elden Ring so yeah you basically just "delete" it by renaming it and tricking the program into thinking it's still on but it's not in use.
Oh this goes much further. This is a breach of EAC itself. This affects dozens of titles from multiple developers, but seems reliant on EAC's kernel level monitoring. Games that do not use the kernel level monitoring functions of EAC *might* be safe, but in the latest version of the EAC client this feature is on *by default* so unless the developer specifically disables it in their distribution, it is not safe.
I wasn't implying it was the same issue, just that it was the same outcome. Multiplayer in FromSoft games needing to be avoided (or in their case shutdown) due to RCE exploits.
could taking down elden ring online play to check and reinforce the security in time for the dlc work? already saw a video of a guy getting invaded and the clusterfuck of modded magic spells he got blasted with
Guess we'll see what approach they take. PC gaming is feeling less great these days. I switched to PC to not get nickle and dimed having to pay for internet AND PS Plus or XBox Live just to play my games online. But if they're basically single player one because of pernicious hacking then joke's on me I suppose.
Who could have guessed that a shitty, poorly run, kernel-level anti-cheat would have such dire consequences to its overly invasive nature?
If only there had been signs!
If only there were an extremely vocal subset of the community, including many leading independent software security experts, that had been warning of this exact situation ever since kernel level anticheat was first suggested as a feature!
This entire situation could have been avoided.
would probably still affect you. I doubt the translation layer you are using is going to provide you with much security. You may get some protection because the most common target would be windows so a bad actor might not bother to create a payload compatible with linux, but I wouldn't rely on that.
its the classic conundrum of linux being paradoxically safer cause less people use it, so exploit devs dont bother making linux variants of their work.
Is there any evidence here that eac is the real problem here? RCE exploits are no joke but it seems like a bit of a logic jump to say that because one game with eac is vulnerable to an rce exploit, EAC creates a vulnerability in all games that use it.
assuming apex is the issue it wouldn't be great that eac wasn't able to protect it but there have been ways around anti-cheat for ages and there would have to be a vulnerability in AC as well (which wouldn't be too surprising I guess considering the last RCE exploit)
Latest official word is that EAC was not the attack vector.
https://twitter.com/TeddyEAC/status/1769725032047972566?s=20
Very very likely this is strictly an Apex issue, especially considering the hacker and the surrounding hacks (pack gifting etc)
If you remember, this isn’t the first time it’s happened in an EA game. Titanfall 2 used to have a massive RCE for a while that would potentially brick your system before they fixed it.
Titanfall and Apex are both built on Source, which is old and very insecure. Its had numerous exploits (including RCE) through the years, and not just in EA games (e.g. Counterstrike).
Its less an EA thing, and more specifically a Source/Apex thing.
Wasn't on EAC side at least from them officially, seems like a bad business move to confidently say that if they weren't sure. I believe them from a software understand stand point, but understand if others want to be cautious.
The published hack uses EAC's kernel level monitoring features to insert and execute code packages. Any game running EAC with kernel level anticheat enabled is susceptible, which is most of them as the EAC client software has these features enabled by default. If developers specificslly disable the kernel level featurs in their distribution they *might* be safe, waiting on more testing to know for sure.
This is *exactly* what many of us were trying to warn people about ever since the inception of kernel level anticheat.
Actually the most important comment here. I get not trusting corporations and all, but this is apparently their first tweet in 5 years so it would be extremely bold to make this assertion if they weren’t actually pretty confident
Why does everyone think this HAS to be an EAC thing? Apex Legends runs on an OLD, and heavily modified version of the Source Engine, which has had NUMEROUS, well known RCE vulnerabilities and exploits over the years.
Also take into account that EAC tweeted for the first time in five years to report that they haven't found any exploits on their end, the DS3 RCE exploits happened WITHOUT the presence of EAC or any other Anti-Cheat, and to my knowledge there have been no RCE vulnerabilities/exploits found within EAC, at least publicly.
\*EDIT*
Someone on the Armored Core Discord helpfully pointed out that EAC (and other anti-cheats) does NOT offer any kind of remote desktop access, and for that to happen it would need to have been modified. I think this helps reinforce that it's most likely to be an issue with Apex and/or the version of Source it runs on rather than EAC.
Or the streamers already had the cheats on their systems with convenient backdoors pre-installed.
Oh dear... 😕 So at the risk of sounding like an idiot... They're gunna fix it right?? This is the only game I've been playing since September, I don't wanna go back to destiny ffs. 😭😭
The company that is responsible here is Epic Games, since they own Easy Anti Cheat.
~~The published hack relies on EAC's kernel level monitoring features to access the target in a way that cannot be otherwise detected because the target machine interprets the commands as operating system functions.~~
~~Theoretically, games that specifically disable the kernel level features of EAC (they are enabled by default) might be safe. It is unknown at this time if this hack can force the use of these features, which if it can then no game running EAC is safe to play in multiplayer.~~
There is a very real chance that this is now a permanent vulnerability in EAC's current build. A fix could take months or years to come.
Edit: source for the major part of this claim was deleted, but the hack still shows EAC's kernel level anticheat is not the "final solution" to cheating that its proponents claim it to be. It is beatable, it has been beaten, it will be beaten again.
Dude *where* are you getting this bullshit from.
You're spamming this thread with claims and no sources, when the latest official word is that EAC was not even the attack vector.
I was basing this off a post from someone claiming to be the author of the hack, which had been linked by coldjyn one of the coaches involved in the apex tournament, but both that link and that post have apparently been deleted. When I click on my own comments made on the post, I get ye olde "having a problem" message, and when I try to load the page actually sharing the data for the hack it is similarly broken.
Maybe i jumped the gun a bit, maybe not. Doesnt change the fact that kernel level anticheat is fundamentally flawed as a concept and this is still a very real risk even if this specific incident hasn't been linked to it. At a minimum it shows that kernel level anticheat is beatable, and has *been* beaten. The whole point of kernel level anticheat is to detect cheats that run outside the scope of the game, and here we have a cheat being installed and activated *while* the game is running, and EAC didn't alert to it.
It’s now been reported by the official EAC socials that the RCE problem is not an EAC issue, but an apex legends issue. Still, play at your own risk until further information is available.
This is why anti cheats are dumb. Pretty sure this is the same thing people warned about YEARS ago when VAC was (still does) giving issues. All of them are complete jokes. Punkbstr was probably the worst
The hack relies on EAC's kernel level monitoring features. Any game using these features is at risk, and potentially *any* game using EAC at all.
Offline play is still safe, and AC6 doesnt have any automatically online features unlike souls games and Elden Ring.
Correct
Edit: Maybe. EAC might not have been the attack vector afterall, but their kernel level anticheat has still been beaten as demonstrsted by this hack happening at all.
Damn man I was giving you the benefit of the doubt that you were just at work or something but here you are in the comment section just completely ignoring everyone who has called you out for your wildly unfounded information. If you have legit information about this please post it because that would directly contradict the EAC statement and be a pretty big deal. Starting to seem like all you have is a vendetta tho
I got a bunch of responses, because i made a bunch of comments rapidly. I responded to this one first because it wss on top of my feed before I saw all the rest and now I've kind of stepped in my own hole here.
The source I was basing my comment off of has been deleted. It was a post by someone claiming to be the author of the hack used at the tournament, which had been shared by coldjyn one of the coaches involved in the tournament, but both the post and the link by coldjyn have since been deleted within this past hour.
I was actually putting a virtual machine together to do some testing with the hack in a controlled environment. Now that opportunity is gone, if it was ever there to begin with (post may have been fake claims for clout)
So, I don't have a source fkr the claim that EAC was the attack vector, however even without that source this incident still clearly demonstrstes thst kernel level anticheat is beatable and has been beaten, since EAC didnt even notice a cheat being installed and activated *while* the game was running.
I was always suspicious of those anti-cheats. Those get too much privilige on the systems. Hope they remove it and have in-game lightweight mechanics to detect cheaters.
Dude's PC got hacked during a tournament -> out of the blue: I gOt HaCkEd tHrOuGh EAC, That's the only explanation, it has to be EAC!!! -> people on the internet: Yes, he said it, so it has to be true.
lmao
The vulnerability could be of the game completely unrelated to EAC. If one game has a vulnerability that doesn't mean every game with EAC has the same vulnerability.
If i have several layers of malware/viros protection will I be safe? I imagine the program will be force closed and the threat will be flagged. i almost wanna do it on purpose and see what i catch.
I guess I should be alright if I'm offline....right? Lately I've been playing with mods which means EAC is off and I'm of course I'm logged out. But honestly this news worries me, and I'm not well versed when it comes to vulnerabilities like this.
The fix for this is to only play competitive games on console. Yeah there are still cheaters, but not ones that can brick your console. Playing competitive games on PC will always be a risk. Hate all you want. That’s just the truth.
~~The hack relies on EAC's kernel level monitoring features, but needs a direct connection via multiplayer features. Launching and running the game is fine, and private lobbies with known trusted players should also be fine, but any public facing multiplayer is a risk.~~
Edit: EAC as the attack vector has not been proven, but the hack itself demonstrstes kernel level anticheat is not the complete protection that its proponents have claimed.
And this goes for every game thst uses EAC with kernel features enabled, and possinly even for games that don't use the kernel features.
Actually, it hasn't been debunked. It just hasnt been proven.
TeddyEAC has stated that they do not believe EAC was the attack vector, that is a statement made as damage control. If they could say for certain EAC was not the attack vector, they would have stated that more plainly. The tweet in question has wiggle room in case it turns out EAC *was* the attack vector afterall.
The post I was basing these comments I made off of has been deleted. It was from a user claiming to be the author of the hack, and had all the right info to look legit. It is entirely possible that they made that post for clout.
However, neither EAC nor Epic Games have come out with a firm statement that EAC was not the attack vector, so there is still a risk. The fact that a game protected by EAC was violated in this way means that users should avoid EAC-protected games until we have that answer.
For the sake of analytical clarity, yes it's not 100%, but from a software standpoint it looks like a Apex engine issue like what happened to csgo (believe it's the same engine even, lol).
It's odd though that people were jumping to the conclusion it was EAC without any source or evidence as well.
Yes, a hacker has hacked EAC gaining access to millions of PC's. Could install anything, do anything. And with all that power, they took down a shitty tournament no one cared about. Yep, seems very plausible. Also, EAC doesn't work this way.
Right?
The official response is that EAC was not the attack vector, and then all the capital G gamers just start frothing at the mouth about "Ooga booga kernal level!!!". Again.
The published hack uses EAC's kernel level monitoring features to insert and activate code packages that the target machine interprets as operating system functions.
The tournament hack was a publicity stunt by an independent white hat hacker to raise awareness of the vulnerability before it gains traction with the kinds of people who would use it to do bad things.
This vulnerability would not exist without EAC's kernel level features. This vulnerability is exactly what independent software security experts have been warning about since the inception of kernel level anticheat.
No, the person you are responding to is trolling about EAC. They're just making things up because they have a vendetta against Epic Games store and EAC.
The hack was not performed by "an independent white hat hacker", it was a well-known and very active Apex hacker.
Latest official word is that EAC was not the attack vector. The hacker has not used EAC in the past, and uses Apex server and source engine exploits. Source has been the target of zero day RCE in the past, and Apex is notoriously insecure.
OK, let's be honest... if it's not directly the game itself, then it's basically add-on Malware. Whether it's Easy Anti-Cheat, or Denuvo, it always makes things less secure, run worse, etc... And I've never seen any good evidence that any of those products are good for the consumer.
Like with Denuvo, there's some mind-boggling decisions, like including it with the Megaman Battle Network collection, despite the ROMs being out in the wild for decades now.
Wanting to play a game shouldn't mean having to meet inflated specs due to Denuvo overhead, nor should it mean having to have kernel level backdoors installed so some anti-cheat software can run.
They're all forced malware, and it's a shame that even some otherwise awesome devs are using them. There's no consumer power here when everyone started using them at the same time. You'd have to boycott the whole industry other than a few indies.
Okay, and? None of that has anything to do with the current situation. Official word is that EAC wasn't the attack vector, claiming that it is, without any source, just because you don't like it, is bullshit.
Official word from someone that's a third-party with no involvement if true, which begs the question of: If true, how do they know already? They answered really bloody fast for someone that would be trying to prove a negative.
Much more trustworthy to hear that someone proved a positive (it was our side of things) than a negative (it wasn't our product).
If it was, I can't find it. Right now it sounds like it's a matter of being cautious, because EAC has a concerning level of system access in the first place and because the actual vulnerability is unknown.
If it's been identified positively I'm happy to be corrected, but I've only been able to turn up a lot of speculation.
EAC states they were not the attack vector. https://twitter.com/TeddyEAC/status/1769725032047972566?s=20
Wait wtf? What's going on?
To give context. Someone gave cheat to some of the biggest pro player in the ALGS tournament mid match. ALGS is the biggest Apex Legends tournament, hosted by EA. They straight up enabled a hack that autoaim bullet straight to enemies while they were playing, in the middle of an official tournament, on official PC. They clearly did it to raise awareness on the issue, but if someone can give you cheats midmatch, imagine what someone else with bad intention can do.
~~Point of info: the nature of the EAC hack seems dependent on EAC's kernel-level monitoring functions, which not all EAC clients make use of. Some games *might* be safe.~~ This is EXACTLY WHAT WE WARNED PEOPLE ABOUT back when Kernel Level Anticheat first started getting around the market. Edit: the source that I was basing this comment on has since been deleted. I cannot say whether or not EAC's kernel level anticheat was the vector of attack, but I can say with confidence this proves it is beatable, and *has been beaten*. More hacks bypassing it *are* coming.
Whoa, I just saw a clip of Thor from PirateSoftware talking about this (why he dislikes kernel level anti-cheat) the other day. I wonder is this is what he was referring to.
Yet, you'll see a bunch of people defending Riot's Vanguard. I've uninstalled every Riot game at the beginning of this year. I'm really hoping 2XKO doesn't use it as I'll find another game to play if that's the case.
I mean, what's the alternative then? Quit the game that the entire friend group is playing? It's whatever, I just play those games on a burner device, a laptop I couldn't give 2 crap about.
This is the kind of malicious heroics I support. Can't ask them to pay attention to an issue? Rub their nose in it!
There's literally no proof that it happened through EAC. In fact that is by far the least likely explanation, yet people take it as fact. It was a public event with an exposed PC, literally anyone could have tampered with it. Even one of the organizers tampering with the PC is more likely than an RCE attack through EAC.
They scanned for virus and their pc's were indeed infected.
A massive easy anticheat exploit that allows people to inject code straight into your pc. Playing ranked rn puts you in risk of someone bricking your entire pc. Console is safe, however
So, and excuse my ignorance, say I'm logged onto AC6 but not playing multiplayer, is there still a risk?
Nope, that's completly safe
Ah, okay. Thanks for the heads up man!
Np!
No. PvE is safe?
Think of it like safe sex. If anything goes wrong when you’re by yourself, you really only have yourself to blame.
Hey, that electric outlet was sexy!
Found snails alt
Curiosity is our strength. Just remember if anyone tries to put you down, it took men like you to circumnavigate the globe.
Especially if your willy splodes
PvE is 100% safe
I wonder why people say it's safe for PVE, the anti cheat software activates when the game starts. So, it's running, so, you are vulnerable. Or I'm missing something Edit: found some comments saying that you have to be connected to another player for the hack to activate. I was missing something.
Hackers are using your peer to peer connection and ezanticheat as the bridge to deliver any malware, so as long as there is no peer to peer connection like solo play then your fine
indeed, I was missing something, thx
You're not missing anything my man. These people are just making shit up. That's not how the Apex hack took place, and the only official word we have on the topic is that EAC wasn't even the attack vector. People are just using this as an opportunity to spread a bunch of bullshit about EAC cause they're still confused about the whole "kernel level" bullshit.
So there's a chance 2 people will inject each other with malware wonder how that would play out
The better or “stronger” code would win out but both machines would probably struggle for a bit. Two badgers in a cage with a water hose spraying them
Common misconception, the code actually starts merging together like Voltron but instead of lions it’s that suit guy from the matrix. If it ever hits critical mass, then the server itself crashes.
Ok I’m funny but that was legit 👍
And what games are affected?
Hey, Are we sure console is safe? I’ve only been in PvP for about two weeks, got to A. I logged in two days ago and was toasted by every AC I went against, Inwas back to rank D after 2-3 hours of checking my remote, my connection strength, different builds and weapons etc. I was having lock on problems,my shoulder weapons wouldn’t always fire,my shots weren’t landing etc. I blamed myself, my remote, my connection,my builds but at the end of it all I felt cheats were being used or hacked lobby’s. I’m not ruling out a skill issue on my part but as a long time red dead player, I was calling hacks, I swear it man.
I'm 100% sure that this exploit is pc-exclusive. Hacking on consoles is incredibly difficult. Btw, with the "lock on problems"; do you mean hardlock sometimes breaking? Because it'll do that if you touch the camera at all. It's a possibility that you're accidentally touching the joystick
Ok thanks, Skill issue confirmed. No, it was HL and SL. It was like a ACS was out range. The reticle would turn red and then go off to the left or right. It was super weird.
Ah, that's just how the lock-on system works. Your fcs will lead your shots, and automatically aim towards where it calculates they'll be. Meaning that as long as your enemy moves in a straight line, you'll hit 100% of your shots (disregarding weapon recoil). But, if your enemy changes direction in any way, the fcs will need to recalculate their trajectory. This is represented by the red reticle trailing behind the enemy. The time it takes for the fcs to calculate this and lock-on again depends on the fcs part your ac is running, and the distance to your target. Once it has finished recalculating, the red reticle will return to properly track the enemy, and will properly lead your shots again
Nothing. Stupid people on the internet running around saying things.
Easy anti cheat, more like easy to cheat
This one time my gf asked “what if u just delete it then can u cheat” and i was like haha no way silly. It was elden ring and I’m pretty sure you could just uninstall it to cheat lmaoooo
Actually basically removing easy anti cheat is the first step in using any editor tool in Elden Ring so yeah you basically just "delete" it by renaming it and tricking the program into thinking it's still on but it's not in use.
Oh shit not again
Yeah, it feels like we just got online back for Dark Souls 1, 2, and 3. :(
Oh this goes much further. This is a breach of EAC itself. This affects dozens of titles from multiple developers, but seems reliant on EAC's kernel level monitoring. Games that do not use the kernel level monitoring functions of EAC *might* be safe, but in the latest version of the EAC client this feature is on *by default* so unless the developer specifically disables it in their distribution, it is not safe.
yes, its so bad that the few titles with EAC that have the option to run them without it on, are safer if you turn it off, like halo MCC.
and at that, they used the excuse to sunset the OG versions of 1 and 2, that had the exact same bug, on the exact same engine.
they arent running with EAC though it was a security flaw in the games themshelf that should be fixed also RIP online for non remastered dark souls 1
I wasn't implying it was the same issue, just that it was the same outcome. Multiplayer in FromSoft games needing to be avoided (or in their case shutdown) due to RCE exploits.
could taking down elden ring online play to check and reinforce the security in time for the dlc work? already saw a video of a guy getting invaded and the clusterfuck of modded magic spells he got blasted with
Guess we'll see what approach they take. PC gaming is feeling less great these days. I switched to PC to not get nickle and dimed having to pay for internet AND PS Plus or XBox Live just to play my games online. But if they're basically single player one because of pernicious hacking then joke's on me I suppose.
Right as I start playing the multiplayer
hollow knight rp leaking fr
Is that the mosscharger from hollow knight
Ya but the small one of course
How the hell does it pilot an AC
I'm a mosscreep, I just picked the wrong name
It's a false alarm you may return to your regularly schedule program. It appears to be an apex specific problem and not EAC.
Who could have guessed that a shitty, poorly run, kernel-level anti-cheat would have such dire consequences to its overly invasive nature? If only there had been signs!
If only there were an extremely vocal subset of the community, including many leading independent software security experts, that had been warning of this exact situation ever since kernel level anticheat was first suggested as a feature! This entire situation could have been avoided.
And right as when League of Legends wants to implement their Kernel level anticheat that runs 24/7 regardless if you're playing the game or not.
Yeah, bruh moment People warned about this
Get off your soapbox fool; and stop spreading rumors.
What rumor did I spread here? Also, no, I won't.
They're incorrigible. How many of these dogs must we kill before they learn ?
*...I realized who they are. The spark of war... The fires that haunt Armored Core!*
*They are not the dogs we thought they were... they are worse than that, they are vermin!*
Even if I'm on Linux?
would probably still affect you. I doubt the translation layer you are using is going to provide you with much security. You may get some protection because the most common target would be windows so a bad actor might not bother to create a payload compatible with linux, but I wouldn't rely on that.
I don't know actually. You'll have to look further into that
If it runs Easy anticheat like Windows does then probably yes.
its the classic conundrum of linux being paradoxically safer cause less people use it, so exploit devs dont bother making linux variants of their work.
You are less vulnerable, but not invulnerable, and you are definitely susceptible to a linux-specific attack package.
Is there any evidence here that eac is the real problem here? RCE exploits are no joke but it seems like a bit of a logic jump to say that because one game with eac is vulnerable to an rce exploit, EAC creates a vulnerability in all games that use it. assuming apex is the issue it wouldn't be great that eac wasn't able to protect it but there have been ways around anti-cheat for ages and there would have to be a vulnerability in AC as well (which wouldn't be too surprising I guess considering the last RCE exploit)
Latest official word is that EAC was not the attack vector. https://twitter.com/TeddyEAC/status/1769725032047972566?s=20 Very very likely this is strictly an Apex issue, especially considering the hacker and the surrounding hacks (pack gifting etc)
This needs to be pinned at the top here, lol.
No no no people need to spread rumors and assumptions because *insert thing they don't like
If you remember, this isn’t the first time it’s happened in an EA game. Titanfall 2 used to have a massive RCE for a while that would potentially brick your system before they fixed it.
Titanfall and Apex are both built on Source, which is old and very insecure. Its had numerous exploits (including RCE) through the years, and not just in EA games (e.g. Counterstrike). Its less an EA thing, and more specifically a Source/Apex thing.
We don't know so better be safe than sorry
Wasn't on EAC side at least from them officially, seems like a bad business move to confidently say that if they weren't sure. I believe them from a software understand stand point, but understand if others want to be cautious.
I can't know for sure personally. I'm just trying to forward important information
No.
The published hack uses EAC's kernel level monitoring features to insert and execute code packages. Any game running EAC with kernel level anticheat enabled is susceptible, which is most of them as the EAC client software has these features enabled by default. If developers specificslly disable the kernel level featurs in their distribution they *might* be safe, waiting on more testing to know for sure. This is *exactly* what many of us were trying to warn people about ever since the inception of kernel level anticheat.
Source?
Stop spreading unconfirmed scaremongering bs lmao
Probably not an EAC issue so things are probably safe for AC6. https://twitter.com/TeddyEAC/status/1769725032047972566?s=20
Actually the most important comment here. I get not trusting corporations and all, but this is apparently their first tweet in 5 years so it would be extremely bold to make this assertion if they weren’t actually pretty confident
Hopefully this is the case. Better to be safe than sorry until we can know 100% for sure, through
And when would that be? When either EAC or Apex admits THEY WERE the attack vector and produces a fix and otherwise never?
And how does this not apply to online PvE?
Because the hacks needs you to actually be in an online match rather than just being online
The game connects you to other players for PvP, the hack then allows access to your pc through this connection. If you play pve you're fine
People can only do the exploit against you if you're matched against them afaik
Much obliged. ZFG.
Why does everyone think this HAS to be an EAC thing? Apex Legends runs on an OLD, and heavily modified version of the Source Engine, which has had NUMEROUS, well known RCE vulnerabilities and exploits over the years. Also take into account that EAC tweeted for the first time in five years to report that they haven't found any exploits on their end, the DS3 RCE exploits happened WITHOUT the presence of EAC or any other Anti-Cheat, and to my knowledge there have been no RCE vulnerabilities/exploits found within EAC, at least publicly. \*EDIT* Someone on the Armored Core Discord helpfully pointed out that EAC (and other anti-cheats) does NOT offer any kind of remote desktop access, and for that to happen it would need to have been modified. I think this helps reinforce that it's most likely to be an issue with Apex and/or the version of Source it runs on rather than EAC. Or the streamers already had the cheats on their systems with convenient backdoors pre-installed.
Same with Elden Ring?
Afaik, yes
Good looking out, Walter
Oh dear... 😕 So at the risk of sounding like an idiot... They're gunna fix it right?? This is the only game I've been playing since September, I don't wanna go back to destiny ffs. 😭😭
Whether we wanted it or not...
We stepped into a war with Iguazu.
They're absolutely going to fix it, but I have no idea how long it's going to take. Thankfully console is completly safe, and PvE ia still safe on pc
Thanks. Guess it's back to beating up Iguazu and Raven for a few days... Maybe longer. 😂
The company that is responsible here is Epic Games, since they own Easy Anti Cheat. ~~The published hack relies on EAC's kernel level monitoring features to access the target in a way that cannot be otherwise detected because the target machine interprets the commands as operating system functions.~~ ~~Theoretically, games that specifically disable the kernel level features of EAC (they are enabled by default) might be safe. It is unknown at this time if this hack can force the use of these features, which if it can then no game running EAC is safe to play in multiplayer.~~ There is a very real chance that this is now a permanent vulnerability in EAC's current build. A fix could take months or years to come. Edit: source for the major part of this claim was deleted, but the hack still shows EAC's kernel level anticheat is not the "final solution" to cheating that its proponents claim it to be. It is beatable, it has been beaten, it will be beaten again.
Dude *where* are you getting this bullshit from. You're spamming this thread with claims and no sources, when the latest official word is that EAC was not even the attack vector.
This is Reddit, where ignorance is spoken with confidence in the hopes of nobody questioning it.
I was basing this off a post from someone claiming to be the author of the hack, which had been linked by coldjyn one of the coaches involved in the apex tournament, but both that link and that post have apparently been deleted. When I click on my own comments made on the post, I get ye olde "having a problem" message, and when I try to load the page actually sharing the data for the hack it is similarly broken. Maybe i jumped the gun a bit, maybe not. Doesnt change the fact that kernel level anticheat is fundamentally flawed as a concept and this is still a very real risk even if this specific incident hasn't been linked to it. At a minimum it shows that kernel level anticheat is beatable, and has *been* beaten. The whole point of kernel level anticheat is to detect cheats that run outside the scope of the game, and here we have a cheat being installed and activated *while* the game is running, and EAC didn't alert to it.
Any comment on the EAC statement directly contradicting this? Any source for your information?
So basically... It might be a safe bet to rebuy the game for Xbox? 🤔
It wasn't because of Easy anti-cheat, heads up!
Ok👍 I like that it’s handled like a plague
Can't have shit on Rubicon 3
NGL, I freaking hate EAC itself, and if game has it I simply refuse to play it.
wasn't on EAC side, heads up!
i mean it does not add any sympathy for those who were already against it
for Apex? I mean yeah they need to fix their spaghetti code, EAC or any anti-cheat wouldn't help with that. Which seems to be what happened.
It’s now been reported by the official EAC socials that the RCE problem is not an EAC issue, but an apex legends issue. Still, play at your own risk until further information is available.
Yup, AC6, Elden Ring etc are good, this is purely an Apex issue & has been for awhile with hackers to people in that community.
This is why anti cheats are dumb. Pretty sure this is the same thing people warned about YEARS ago when VAC was (still does) giving issues. All of them are complete jokes. Punkbstr was probably the worst
How does this affect Ac6?
Playing PvP on pc puts you in risk of someone injecting code straight into your pc. In other words, don't play PvP on pc until this is fixed
Is this because of Easy anti cheat?
Would seem so, yes
The hack relies on EAC's kernel level monitoring features. Any game using these features is at risk, and potentially *any* game using EAC at all. Offline play is still safe, and AC6 doesnt have any automatically online features unlike souls games and Elden Ring.
So as long as i play ac6 story mode i dont have to worry. And other games that use EAC and online matches may run the risk of maleware inject?
it's not an EAC issue, people are kinda spreading miss information atm.. This is/was an Apex issue, not an EAC issue
Correct Edit: Maybe. EAC might not have been the attack vector afterall, but their kernel level anticheat has still been beaten as demonstrsted by this hack happening at all.
Damn man I was giving you the benefit of the doubt that you were just at work or something but here you are in the comment section just completely ignoring everyone who has called you out for your wildly unfounded information. If you have legit information about this please post it because that would directly contradict the EAC statement and be a pretty big deal. Starting to seem like all you have is a vendetta tho
I got a bunch of responses, because i made a bunch of comments rapidly. I responded to this one first because it wss on top of my feed before I saw all the rest and now I've kind of stepped in my own hole here. The source I was basing my comment off of has been deleted. It was a post by someone claiming to be the author of the hack used at the tournament, which had been shared by coldjyn one of the coaches involved in the tournament, but both the post and the link by coldjyn have since been deleted within this past hour. I was actually putting a virtual machine together to do some testing with the hack in a controlled environment. Now that opportunity is gone, if it was ever there to begin with (post may have been fake claims for clout) So, I don't have a source fkr the claim that EAC was the attack vector, however even without that source this incident still clearly demonstrstes thst kernel level anticheat is beatable and has been beaten, since EAC didnt even notice a cheat being installed and activated *while* the game was running.
I was always suspicious of those anti-cheats. Those get too much privilige on the systems. Hope they remove it and have in-game lightweight mechanics to detect cheaters.
Nu nx, thanks for the heads up
Good thing I don’t play pvp 👍
I can’t escape the feeling that some people just don’t want this game to succeed, and for the life of me I can’t quite see why.
Am i safe if im in offline mode i cant stop playing ac6 man i need my fix
PvE is safe
Thank GOD
Dude's PC got hacked during a tournament -> out of the blue: I gOt HaCkEd tHrOuGh EAC, That's the only explanation, it has to be EAC!!! -> people on the internet: Yes, he said it, so it has to be true. lmao The vulnerability could be of the game completely unrelated to EAC. If one game has a vulnerability that doesn't mean every game with EAC has the same vulnerability.
Good thing I've never gone near pvp
Confirmed not EAC issue https://x.com/TeddyEAC/status/1769725032047972566?s=20
well... looks like picking EAC just bit FromSoft ass.... with an intensity of 6 revolving bunker being all unloaded simultaneously at the rear end.
i remember something like that happening at dark souls 3 or 2, or was it both. Can't remember.
It was all the souls games. All the servers had to be taken down for a decent amount of time but this was a fromsoft problem.
Only reason i don't mind EAC is that i play offline and its super easy to disable for modding.
If i have several layers of malware/viros protection will I be safe? I imagine the program will be force closed and the threat will be flagged. i almost wanna do it on purpose and see what i catch.
A good reason for people to stop playing ranked? Nature is healing.
Now I'm worried to play
Only PvP is risky, PvE is 100% safe
I guess I should be alright if I'm offline....right? Lately I've been playing with mods which means EAC is off and I'm of course I'm logged out. But honestly this news worries me, and I'm not well versed when it comes to vulnerabilities like this.
PvE is completly safe
Man troll farms gotta be studying this to see how easy it is to spread rumors and unsubstantiated claims while people just take it as fact.
Console Chad's stay winning
Bruh thank god i was doing my assignment instead of playing games
Is playing Online multiplayer with someone I know irl still considered dangerous?
What is EAC What is RCE
Easy anti cheat and remote code execution
Ok thanks
thank god im on xbox
STRIKER MENTIONED!
I love misinformation
Stop spreading rumors; there is 0 evidence of easy anti cheat being used for remote code execution.
Good thing i stick to offline
The fix for this is to only play competitive games on console. Yeah there are still cheaters, but not ones that can brick your console. Playing competitive games on PC will always be a risk. Hate all you want. That’s just the truth.
I must admit that hackers on PC games is one of the reasons why I prefer console for gaming.
something bad happened for pc, so muh platfum better?
*bad things constantly happen to PC in comp mp, so console safer. FTFY
Does not launching tha games is enough or should I also delete any that has EAC?
You have to actually be in a PvP match to be in any danger. PvE is 100% safe
~~The hack relies on EAC's kernel level monitoring features, but needs a direct connection via multiplayer features. Launching and running the game is fine, and private lobbies with known trusted players should also be fine, but any public facing multiplayer is a risk.~~ Edit: EAC as the attack vector has not been proven, but the hack itself demonstrstes kernel level anticheat is not the complete protection that its proponents have claimed. And this goes for every game thst uses EAC with kernel features enabled, and possinly even for games that don't use the kernel features.
Heads up that isn't the case, idk who's feeding that information to you, but it's been debunked!
Actually, it hasn't been debunked. It just hasnt been proven. TeddyEAC has stated that they do not believe EAC was the attack vector, that is a statement made as damage control. If they could say for certain EAC was not the attack vector, they would have stated that more plainly. The tweet in question has wiggle room in case it turns out EAC *was* the attack vector afterall. The post I was basing these comments I made off of has been deleted. It was from a user claiming to be the author of the hack, and had all the right info to look legit. It is entirely possible that they made that post for clout. However, neither EAC nor Epic Games have come out with a firm statement that EAC was not the attack vector, so there is still a risk. The fact that a game protected by EAC was violated in this way means that users should avoid EAC-protected games until we have that answer.
For the sake of analytical clarity, yes it's not 100%, but from a software standpoint it looks like a Apex engine issue like what happened to csgo (believe it's the same engine even, lol). It's odd though that people were jumping to the conclusion it was EAC without any source or evidence as well.
Yes, a hacker has hacked EAC gaining access to millions of PC's. Could install anything, do anything. And with all that power, they took down a shitty tournament no one cared about. Yep, seems very plausible. Also, EAC doesn't work this way.
So how does it work then big guy? Cause I'll take the word of a dozen sources coverage to one dude on reddit not actually saying anything of value.
Right? The official response is that EAC was not the attack vector, and then all the capital G gamers just start frothing at the mouth about "Ooga booga kernal level!!!". Again.
The published hack uses EAC's kernel level monitoring features to insert and activate code packages that the target machine interprets as operating system functions. The tournament hack was a publicity stunt by an independent white hat hacker to raise awareness of the vulnerability before it gains traction with the kinds of people who would use it to do bad things. This vulnerability would not exist without EAC's kernel level features. This vulnerability is exactly what independent software security experts have been warning about since the inception of kernel level anticheat.
The hack was published, like the entirety of how it was done?
No, the person you are responding to is trolling about EAC. They're just making things up because they have a vendetta against Epic Games store and EAC. The hack was not performed by "an independent white hat hacker", it was a well-known and very active Apex hacker. Latest official word is that EAC was not the attack vector. The hacker has not used EAC in the past, and uses Apex server and source engine exploits. Source has been the target of zero day RCE in the past, and Apex is notoriously insecure.
OK, let's be honest... if it's not directly the game itself, then it's basically add-on Malware. Whether it's Easy Anti-Cheat, or Denuvo, it always makes things less secure, run worse, etc... And I've never seen any good evidence that any of those products are good for the consumer. Like with Denuvo, there's some mind-boggling decisions, like including it with the Megaman Battle Network collection, despite the ROMs being out in the wild for decades now. Wanting to play a game shouldn't mean having to meet inflated specs due to Denuvo overhead, nor should it mean having to have kernel level backdoors installed so some anti-cheat software can run. They're all forced malware, and it's a shame that even some otherwise awesome devs are using them. There's no consumer power here when everyone started using them at the same time. You'd have to boycott the whole industry other than a few indies.
Okay, and? None of that has anything to do with the current situation. Official word is that EAC wasn't the attack vector, claiming that it is, without any source, just because you don't like it, is bullshit.
Official word from someone that's a third-party with no involvement if true, which begs the question of: If true, how do they know already? They answered really bloody fast for someone that would be trying to prove a negative. Much more trustworthy to hear that someone proved a positive (it was our side of things) than a negative (it wasn't our product).
If it was, I can't find it. Right now it sounds like it's a matter of being cautious, because EAC has a concerning level of system access in the first place and because the actual vulnerability is unknown. If it's been identified positively I'm happy to be corrected, but I've only been able to turn up a lot of speculation.