CD Projekt Red has released a PC hotfix for Cyberpunk 2077, closing a vulnerability that could have left those modding the game open to malicious hackers.
Announced on Twitter (below), hotfix 1.12 is out now on PC, and fixes two separate elements that could potentially have been used to remotely activate harmful files hidden inside mod downloads.
Hotfix 1.12 is now available on PC!
This update addresses the vulnerability that could be used as part of remote code execution (including save files):
– Fixed a buffer overrun issue.
– Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXf
— Cyberpunk 2077 (@CyberpunkGame) February 5, 2021
Earlier this week, CD Projekt Red warned those modding the game to use caution after community member PixelRick flagged the potential issue.
“You should be able to trust data file mods to be harmless, and only be skeptical about executables in general,” PixelRick said to Eurogamer at the time. “This vulnerability makes it impossible to really trust any modded data file for this game until [the] patch.”[ignvideo url=”https://www.ign.com/videos/2021/01/20/cyberpunk-2077-reviews-one-month-later-the-review-crew”]
Thankfully, that patch is now in place after CD Projekt thanked its community for pointing out the problem.
It’s the second hotfix to be released after the game’s major 1.1 patch, following a quick fix to a brand new game-breaking bug. To see what changes CD Projekt Red’s been making, check out our performance review of the game following the 1.1 patch.[poilib element=”accentDivider”]