Need For Speed Payback Mac Attack

Need for Speed™, one of the world’s bestselling video game franchises, returns with a vengeance in the new action-driving blockbuster, Need for Speed Payback. Set in the underworld of Fortune Valley, you and your crew were divided by betrayal and reunited by revenge to take down The House, a nefarious cartel that rules the city’s casinos. Mac-attack (trailer from NFS official fanpage) Bob Bradley: I'm On My Way (with David Robert Thomas) Composed soundtrack! This is Need for Speed Payback: Deleted from final version or never appeared in the game. Run The Jewels: Hey Kids (feat. Danny Brown) Trap! Appears on Spotify playlist; missing on NFS.com soundtrack list. Mentioned in game. Need for Speed Payback Crack Torrent Download CPY Reloaded 3DM SKIDROW Need for Speed: Payback on PC Platform Windows is an arcade racing game – just like all previous cycles. The action takes place in the open city of Fortune Valley, where there is a full day cycle. The Defender 110 Double Cab Pickup appears in Need for Speed: Payback following an accidental usage of a text string that was shown as part of a promotional screenshot released on August 22, 2017, but was quickly replaced with a similar image. It later appeared in the Welcome to Fortune Valley trailer released on September 26, 2017.

  1. Need For Speed Payback City
  2. Need For Speed Payback Wiki
  3. Need For Speed Payback Mac Attack Mode
  4. Need For Speed Payback Mac Attack Full

Severity: Important

CVSS Score: 7.8

Impact: Elevation of Privilege

Status: Fixed

Affected Software: Origin for Mac & PC version 10.5.74.41754 (or earlier)

Description

A vulnerability exists in the Origin Client Service that could allow a non-Administrative user to elevate their access to System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for high privileged users or system Administrators.

Attack Scenario

To successfully leverage the vulnerability, the attacker needs to have valid user credentials with the ability to log-on to the computer that has the Origin Client installed. Upon successfully logging in the attacker would then need to be able to install a specially crafted program or execute code that modifies the contents of affected Origin install directories. They would then need to stop and restart the Origin Client.

Mitigations

Need for speed payback mac attack mode

Mitigations describe factors that limit the likelihood or impact of an attacker successfully leveraging the vulnerability

  • A successful attack would require the user of a valid account on the local machine with the Origin Client installed.

Workarounds

Workarounds are steps EA customers can take to reduce the potential for an attacker to leverage the vulnerability if they cannot or choose not to install the update.

Online
  • In order to temporarily limit the likelihood of the vulnerability being executed by non-privileged users, the system administrator may choose to remove local login rights from accounts or disable non-administrator accounts.

Resolution

Mac

To address the vulnerability players with Administrator rights are advised to install the latest version of the Origin Client version 10.6.0.42339.

On the next player login, the player will be required to update before entering their credentials. If they are already logged in, they will need to restart Origin to get the update.

Frequently Asked Questions:

How is Issue Severity Determined?
Issue severity is based on a 4-point scale ranging from Critical to Low. As part of our investigation, security engineers determine the overall ease of exploitation and how an attacker would need to successfully exploit the vulnerability. Typically, the fewer barriers that exist to exploitation combined with a higher Security Impact, the higher the Issue Severity designation.

Need For Speed Payback City

What causes the vulnerability?
The vulnerability is caused by the Origin Client Service’s loading of 3rd party plugins. In this scenario, a specially crafted QT plugin could potentially be loaded running under the context of System. This would enable a standard user to elevate to Administrator or System privileges and potentially take full control of the affected system.

What is Qt?
Qt is a free and open-source widget toolkit for creating graphical user interfaces as well as cross-platform applications that run on various software and hardware platforms.

Need For Speed Payback Wiki

Need for speed payback buy

How do I know if I am vulnerable?
If Origin client version 10.5.74.41754 or earlier is installed on the system, it is vulnerable to this issue.

How does the update resolve the vulnerability?
The update restricts the dynamic loading of 3rd party plugins to the application directory. This directory is only editable by an Administrator account.

Has this vulnerability been used against EA’s customers?
No. At the time of publication of this advisory we are not aware of any attacks against EA’s players that leverage this vulnerability.

Need For Speed Payback Mac Attack Mode

Acknowledgement(s)

Need For Speed Payback Mac Attack Full

EA thanks the following security researcher for their discovery and reporting it to us in accordance with Coordinated Vulnerability Disclosure practices:

  • Joel Noguera of Immunity Inc for reporting CVE-2020-15524

Date Published: 7/22/2020

Version: 1.0

Comments are closed.