Mods for games are nothing new and Cyberpunk 2077 mods have been pouring out pretty much since day one of the game's launch. While there is always a risk of corrupted save files when modding any game, CD Projekt Red is warning players about potential security risks relating to a DLL file vulnerability.
For those that may not know, DLL is short for Dynamic Link Libraries and they are like EXEs but aren't directly executable. DLL contains things like UIs, classes, variables, and other functions and is a part of virtually all operative systems. These files include important coding that most systems require at startup, and a failure to recognize this library can result in the failure for a system to boot up at all.
The studio behind the open-world RPG took to Twitter to offer up a warning, saying, "If you plan to use Cyberpunk 2077 mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses, which can be used to execute code on PCs. [The] issue will be fixed ASAP. For now, please refrain from using files from unknown sources."
If you plan to use @CyberpunkGame mods/custom saves on PC, use caution. We've been made aware of a vulnerability in external DLL files the game uses which can be used to execute code on PCs. Issue will be fixed ASAP. For now, please refrain from using files from unknown sources.
— CD PROJEKT RED CS (@CDPRED_Support) February 2, 2021
How the studio "became aware" of the issue is a Reddit thread that has since gone viral, detailing the security issue regarding certain Cyberpunk 2077 mods. "Through the use of a mod or a crafted save game, malicious codes can be executed to take control of the PC by the creator of the save game/mod," reads the initial post. "CDPR was made aware of this serious security vulnerability for almost one week. They went on to release the Hotfix 1.11, but didn't bother to address this. You have PixelRick (Red Tools Team) to thank, whose discovery brought this to the attention of the modding community."
The redditor then went on to clarify the original post, mentioning that they originally thought this was a PC-specific issue given that PC modding is the most accessible and readily available avenue, but then another user confirmed that the vulnerability also extends out to PS4 players.
The entire thread details alternatives for players to use when modding as well, including how to spot malicious code when using resources like Nexus Mods. To learn more about the vulnerabilities CDPR is warning about, you can check out the full post right here. You can also learn more about Cyber Engine Tweaks for safer modding practices as well, seen here, while waiting for the official fix from the studio to push through.
Some may remember that in early 2015, The Wall Street Journal ran a story that claimed sources had informed the outlet that a live-action Legend of Zelda TV series was being developed by Netflix and Nintendo. The story made the rounds, of course, but Nintendo’s then-president Satoru Iwata shut down the rumors stating the information was incorrect, which seemed true given a series never materialized. According to comedian Adam Conover of CollegeHumor fame, the Zelda show was very real, and the only reason it got canned, along with other potential Nintendo adaptations, was because someone at Netflix leaked it.
Speaking on The Serf Times podcast, Conover reveals that at one point he and CollegeHumor were working on a secret project to create a claymation Star Fox in the vein of Wes Anderson’s Fantastic Mr. Fox. Nintendo was on board with the idea, and Conover says Shigeru Miyamoto even visited their office at one point.
In a clip picked up by supererogatory on Twitter (as reported by Eurogamer), Conover goes on to say that it was during this time when rumors of the Zelda Netflix show began ramping up.
“Then, like a month later, suddenly there were reports ‘Netflix isn’t doing this Legend of Zelda anymore, they’re not doing The Legend of Zelda.’ And I was like ‘What happened?’ and then I heard from my boss ‘We’re not doing the Star Fox anymore’, and I’m like ‘Oh, that’s weird’. So I went and asked him ‘What happened?’ and he said ‘Oh, someone at Netflix leaked the Legend of Zelda thing, they weren’t supposed to talk about it.' Nintendo freaked out because it was the first time they had done any IP in years for, like, any project, they had no television, no adaptations of any kind for years and years but when Netflix leaked it, they freaked out and they pulled the plug on everything. They pulled the plug on the entire program to adapt these things.”
The full clip is worth watching, especially Conover’s funny story about missing his chance to meet Miyamoto during his visit. Not much is known about Netflix’s mysterious Zelda show, other than WSJ’s sources at the time describing it as “Game of Thrones for a family audience” It’s a sad story, but not entirely surprising. If someone at Netflix really did spill the beans, it doesn't shock me at all to hear that Nintendo, a company extremely protective about its IPs, reacted by basically scorching the earth. Time has clearly healed some of those wounds, though, since Illumination of Despicable Me fame is currently working on the animated Mario film. And while a live-action show won't be happening, we still think Zelda would make a great Netflix animated series.
[Source: supererogatory via Eurogamer]