Epic Games Inc. is working to fix vulnerabilities in its Unreal gaming system, Vice President Mark Reins said in an e-mail sent to Bugtraq, a security mailing list, on Tuesday.
Thor Larholm, a senior security researcher with network security company PivX Solutions LLC, had e-mailed Bugtraq earlier on Tuesday to say that his company had pointed out the vulnerabilities, which have existed for five years, some months ago. Despite promises from the company that it would fix them, it had done nothing and had refused to work with PivX, of Newport Beach, California, according to Larholm.
In a phone interview with online news service Tech TV on Monday, Reins had threatened to get lawyers involved regarding PivX's disclosures about vulnerabilities. However, in a subsequent call to the news site, and in his e-mail to Bugtraq, he apologized for "those completely unfortunate comments that I sincerely regret." PivX "gave us more than fair enough warning of the bugs and we simply failed to fix them in the allotted time," he said in the e-mail.
Epic, in Raleigh, North Carolina, is now testing a patch to fix the security issues, he said.
Neither Larholm nor Reins was immediately available for comment.
Games affected by the vulnerabilities include:
"Star Trek: The Next Generation: Klingon Honor Guard" "Unreal" "The Wheel of Time" "Deus Ex" "Mobile Forces" "Rune" "Unreal Tournament" "Hired Guns" "Navy Seals" "TNN Outdoor Pro Hunter" "Werewolf" "X-Com: Alliance" "Adventure Pinball" "America's Army" "Unreal Tournament 2003"
Hired Guns, Navy Seals, Werewolf and X-Com: Alliance are not yet available, but use the same, affected code, PivX said.
Playing these games on a Windows, Linux or Mac platform makes a user vulnerable, the company said. It is currently checking to see whether the vulnerabilities are duplicated in console platform versions of the games, such as Unreal Championship for Xbox.