GTA V vulnerability exposes PC users to partial remote code execution attacks

Rockstar Games logo appearing against a backdrop of the most recent games it has released
(Image credit: Getty Images)

Popular video game Grand Theft Auto V (GTA V) has been found to contain a flaw allowing for partial remote code execution (RCE), amidst calls for users to avoid the game entirely until a fix has been released.

Hackers had initially used the flaw to give themselves elevated levels within the game and ban other users, but it has since become apparent that the same exploits can be used to achieve partial RCE on victims' PCs.

If threat actors use the flaw to achieve full RCE, they could launch malware on the devices of victims using the game as a staging point.

As the extent of actions that can be carried out using the vulnerability are still being analysed, community members have urged others to stay away from the game.

See more

Reports have indicated that hackers have even been able to force themselves into private online sessions between friends, meaning that all online use of the game could be considered unsafe.

Twitter user ‘Tez2’ was among the first to warn that the flaw allows for partial remote code execution. They have since tweeted that “Rockstar is aware and has been logging any affected account before the first mod menu started abusing the new exploits”.

The flaw has been assigned CVE-2023-24059 and is awaiting a CVSSv3 severity score.

“With online gaming being extremely popular and lucrative, there have always been criminals, and mischief-makers online who have tried to hack the system into getting easy victories, or social engineering other players," said Javvad Malik, lead security awareness advocate at KnowBe4.

"However, having such a vulnerability in such a popular game is rare, and it can potentially have a huge impact on players. As soon as a patch is available, people should install it to prevent being victims.”

The game’s community on Reddit began to warn about the vulnerability on 20 January, and a day later a community moderator issued a post urging users to report the issue to Rockstar and to refrain from playing the game.

In the same post, a temporary fix for account corruption was noted: deleting the “Rockstar Games” from a device’s Documents folder, and reloading the game.

However, this is only useful to those seeking to continue playing the game, and will not remedy potential malware or file deletion that arises as a result of RCE.

GTA V is the second best-selling game of all time, having sold over 170,000,000 copies to date. It is available on a large number of platforms, though it is the PC edition that contains the flaw. Those who use their laptop for both work and personal use, rather than a designated business laptop, could be at risk from the flaw.

The game has been a hotspot of hacking activity for some years, Rockstar has struggled to keep GTA Online servers clean of hackers seeking to cheat for advantage, or get legitimate users banned. At time of writing, Rockstar has not issued a statement addressing the issue on its social media channels.

Comparisons can be drawn with a similar incident from January 2022, in which the game Dark Souls’ servers were taken offline following the identification of an RCE vulnerability in the game’s servers.

A streamer was able to run a Powershell script on another steamer’s device using the flaw, in a demonstration of its dangerous potential in the hands of malicious hackers.

The flaw affected multiplayer servers in the games Dark Souls: Remastered, Dark Souls: Prepare to Die Edition, Dark Souls 2, and Dark Souls 3. It took creator Bandai Namco seven months to put servers back online in the aftermath. GTA Online servers remain active despite the threat.

IT Pro has approached Rockstar Games for comment.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.