Nism Unit 9


Reflections

Gaming is my favourite hobby, and I frequently replay fairly old games for nostalgia. I recently started playing Call of Duty: Black Ops II on my computer, and after some reading on the forums, I realized that it has a critical vulnerability: an attacker can execute arbitrary code on a player’s computer. This vulnerability is confirmed and has its own CVE ID, along with a CVSS vulnerability rating of 9.8, which is critical (NIST, 2019).

The coursework I’ve done so far allowed me to interpret this situation critically and understand just how dangerous the current state of affairs is for this title. Additionally, the way this situation has been handled by the game’s publisher is unacceptable: the publisher of this game has made no effort to patch the game, and it was released in 2012. At the very least, an announcement should have been made so that customers can protect themselves and find a suitable workaround (either by playing on console, playing a newer title, or uninstalling the game completely); however, that was not done. Furthermore, this company is still selling the game and is still making a profit on software that is lethal to its users, which I feel is completely unethical.

Based on what I learned from the module so far, I made the decision to uninstall the game and not play it anymore because I now know just how dangerous it is to have an unpatched vulnerability in the wild, with proof-of-concept code available (momo5502, 2019). Although I was disappointed by the situation, I liked the fact that I found a real-world example of a vulnerability which is analysed using the exact same framework my team is using for the executive summary.


References

NIST. (2019) CVE-2018-20817 Detail. Available from: https://nvd.nist.gov/vuln/detail/CVE-2018-20817 [Accessed 25 December 2021].

momo5502. (2019) COD Exploits. Available from: https://github.com/momo5502/cod-exploits [Accessed 25 December 2021].