ElDewrito 0.6.1.0 – A Security Patch Release
The creators of the free open-source modified version of Halo Online have released a public post on Reddit that a security update has been made to the game to fix a cross-site scripting security exploit.
This was released earlier today on their official subreddit and discord server. Prior to the update, hackers were able to share links with other players using the in-game chat service. These links can execute console commands, even if the users simply hover over the link.
Minutes after the exploit was discovered, the developers disabled the chat service so hackers lose the ability to run these commands on other user’s machines. Soon after, they released the security update which is available now.
This patch was released even though Microsoft recently stopped them from making updates to the game due to legal concerns:
While we currently can’t make feature updates to the game, we must release this security patch in order to protect players from these exploits. We have alerted 343 of the situation. Bottom line: The safety and security of the players is of utmost importance to us and we cannot let these exploits remain active.
The creators of ElDewrito said on their official subreddit.
Source: ElDewrito Subreddit