You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Update: CD Projekt says the security flaw should now be fixed, thanks to the new 1.12 hotfix.
Hotfix 1.12 is now available on PC!This update addresses the vulnerability that could be used as part of remote code execution (including save files):- Fixed a buffer overrun issue.- Removed/replaced non-ASLR DLLs. pic.twitter.com/LAkBfVpnXfFebruary 5, 2021
The issue came to light over the weekend thanks to Red Tools mod team member PixelRickyRick and redditor Romulus_Is_Here, who explained that "through the use of a mod or a crafted save game, malicious codes can be executed to take control of the PC by the creator of the save game/mod." The exploit was initially thought to be limited to the PC version of the game, but PixelRickyRick later confirmed that the PS4 version is vulnerable as well.
CD Projekt was made aware of the vulnerability a week ago, according to the post, but only acknowledged it today.
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.February 2, 2021
"A group of community members reached out to us to bring up an issue with the external DLL files the game uses," the studio said in a statement sent to Eurogamer. "This issue can be potentially used as part of a remote code execution on PCs. We appreciate their input and are working on fixing this as soon as possible. In the meantime, we advise everyone to refrain from using files obtained from unknown sources. Anyone who plans to use mods or custom saves for Cyberpunk 2077 should use caution until we release the aforementioned fix."
If you don't want to wait for that, the latest update to the Cyber Engine Tweaks mod, which includes "performance fixes, bug fixes, and fun hacks to play with," also addresses the vulnerability. I've reached out to CD Projekt to ask if there's a time frame for the official fix, and will update if I receive a reply.
