Jump to content
This Topic

The fucking plugins are gonna be the end of our accounts I swear - Security Incident Jan 21 2023

Damned

By Damned
in RS General Chat

Recommended Posts

Damned

Damned

Posted
Posted (edited)

https://runelite.net/blog/show/2023-01-22-security-incident-jan21/

 

Copied in case people dont want to click on the link

"Security Incident Jan 21 2023

yesterday by Adam

On January 10 a plugin named ChatClip was erroneously published to the plugin hub which, under non-default configuration, would permit an attacker to remotely execute code on a victims computer by sending an in-game message.

This was caused by human error on our part, where we approved the plugin despite the code being exploitable.

To be affected by this issue, you would have had to 1) installed the chat clip plugin, and 2) enabled the Add to history option within the plugin.

Over the 11 day period the plugin was active on the plugin hub, the plugin was installed 118 times by 78 unique IPs. We have no way to determine how many of those users enabled the Add to history option allowing the exploitable behavior.

We raised the issue to Jagex, and provided to them the IPs of the players who we think could be affected. A staff member briefly took a look at the possibly affected accounts on Saturday, did not find anything requiring immediate attention, and has promised to look into it this week. I hope that they will be able to take corrective action if any compromised accounts are found.

We have also checked all existing plugin hub plugins and found no other plugins with similarly exploitable code.

To prevent this from happening again in the future, we will be automatically flagging plugins which use potentially dangerous APIs that can allow command injection, to require them to be more closely scrutinized.

- Adam"

Edited by Damned
Daddy stink

Daddy stink

Posted
Posted

No shit lol. Fucking rats

Damned

Damned

Posted
  • Author
Posted (edited)

good on runelite for how they handled it, but i bet jagex wont even read their email and just reply with their shitty automated bots 

Edited by Damned
UK_Luke

UK_Luke

Posted
Posted (edited)

It's actually sad how the majority of these attacks are made by players who profess to love the Runescape community; yet kill it with their actions.

Edited by UK_Luke

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.