The day after the North American finals of the Apex Legends Global Series were postponed due to a hack mid-match against two players, Easy Anti-Cheat issued a statement saying “there is no RCE vulnerability” in its software leading to the Wearing was exploited to repel the attack.
The first hack against DarkZero's Noyan “Genburten” Ozkose occurred in the third match of the day: he could suddenly see every other player on the map, even through walls, and was ultimately forced to abandon the match, despite his teammates finishing second despite being outnumbered were able to achieve. The second hack occurred in the next match: Phillip “ImperialHal” Fügen from TSM suddenly found himself confronted with an aimbot. This game was eventually canceled, as was the North American final delay “due to the impact on the competitive integrity of this series.”
Shortly thereafter, the Anti-Cheat Police Department, a volunteer group that specializes in “collecting information about cheaters in order to detect and disrupt fraudulent providers,” released one opinion that an RCE (Remote Code Execution) is being abused in the game and it is unclear “whether it comes from the game or from the actual anti-cheat software (software)”.
Remote code execution exploits allow attackers to run software on remote machines, and that's bad news: an RCE was responsible for banning PC PvP servers for Dark Souls games in 2022. A similar vulnerability was discovered in GTA Online in 2023.
In this case, as Anti-Cheat PD put it, “the RCE is being abused to inject cheats into streamer machines, meaning they have the ability to do anything, such as installing ransomware software that Blocked your entire PC.”
How this attack occurred is still unknown, but Easy Anti-Cheat issued a statement today disclaiming any responsibility. “We have been investigating recent reports of a potential RCE issue within Easy Anti-Cheat,” it tweeted. “At this point, we are confident that no RCE vulnerability is being exploited in EAC. We will continue to work closely with our partners to obtain any further support.”
What makes the statement even more notable is the fact that it is the first time Easy Anti-Cheat has tweeted since May 2019. The company clearly thinks it's an important issue, and for good reason: finding where the vulnerability lies – in Easy Anti-Cheat or Apex Legends itself – is hugely important, as it could determine whether that RCE is included in a game or can potentially be used in other games that use EAC such as Fortnite, War Thunder, Lost Ark, Elden Ring, Battlefield 2042 and Hunt: Showdown, to name a few.
Responding to EAC's tweet, Anti-Cheat PD said it suggests the problem lies in the Source engine itself, which Apex Legends uses, and that it could be similar to a security vulnerability in detail in 2021.
Respawn has yet to comment on the hack, so the big questions remain – how did this happen and what is the risk of playing Apex Legends? – unanswered. There's also currently no indication as to when the ALGS North American Finals will resume, but it's fair to assume that won't happen until Respawn is confident the game is secured. I've reached out to EA for comment and will update if I receive a response.
