6 Dangerous Vulnerabilities Fixed In GOG Game Client

Cisco Talos experts have discovered a set of serious vulnerabilities in the GOG gaming client. The gaps, which are already closed in the current version of the program, allowed the hacker to increase privileges in the system and get access to the closed data.

According to experts, the latest update of GOG Galaxy has included patches for six vulnerabilities. Among them are two critical gaps, two serious and two moderate degrees of danger.

The most dangerous holes are connected with the elevation of hacker privileges through file manipulations in GOG Galaxy folders. Vulnerabilities CVE-2018-4048 and CVE-2018-4049 received 9.3 points on the CVSS 3.0 scale.

The problems are related to the Temp and Games service directories. By default, the program runs files stored in them with permissions of the SYSTEM level. If the offender replaces or edits this content, he will open up a lot of threatening opportunities, including executing third-party code and gaining access to other accounts on this computer.

Experts note that you can protect yourself from an exploit yourself. To do this, you need to change the security level of the Temp and Games folders from “Full access” to “Read and execute”. The user should also make sure that all files in these directories get the same rights. This will not prevent GOG Galaxy from running the necessary software, but will block access to key system processes.

The remaining gaps were found in the GOG client for macOS, namely, in its helper utility. So, CVE-2018-4050 and CVE-2018-4051 (both got 7.1 points) allow an attacker to adjust the security level of folders on the target machine and create new directories. As a result, a hacker can enhance his own access rights, manipulate critical files, and even make changes to the root file system.

Vulnerability CVE-2018-4052 (6.2 points) threatens to leak important data. The researchers found a bug in the function that allows you to control current processes. Security requirements state that it should have access only to services with privileges not higher than its own. In practice, through this option, you could get information about root services.

The last of the CVE-2018-4053 gaps creates the possibility of DoS-attacks by sending specific requests of the same internal GOG Galaxy assistant utility. As the experts explained, each operation of this component is completed with a close command. However, the developers did not provide for checking incoming data, so an attacker can execute third-party code on the system or cause a denial of service error.

Experts urge users not to hesitate with the update. Although the vulnerabilities of the macOS version of the client are less dangerous, each of them can lead to extremely unpleasant consequences.

Source: https://blog.talosintelligence.com/2019/03/vulnerability-spotlight-multiple.html