What was the Roblox studio exploit and am i safe?

This isn’t the right category but i just want to know what all of that was about. I’ve updated studio once, then updated again after i saw the new update thingy. When i was closing studio, i saw the update available thing again but i closed studio and shut off my computer. Can anyone tell me what that was about and if I’m safe? Thanks! I’m mostly concerned about my game.

18 Likes

Same question here. I’ve had my PC AFK since 6 AM for reasons that you might find obvious. It’s 8 PM now. I don’t know when EXACTLY this happened or how but I’m seriously concerned. I mean, what if in all this time a rat was put in my pc?

You would need to download and install a malicious plugin to Roblox Studio for it to have affected you. If you haven’t installed any suspicious plugins from unknown/untrustworthy sources, you should not be affected.

9 Likes

Oh. I didn’t know what happened. Thanks!

now studio is telling my my files are missing or corrupted on my mac and studio isn’t opening on my windows desktop

i hope im ok

Edit: My mac is okay now

5 Likes

How would people even achieve a RAT through a lua script…?

3 Likes

It was able to execute raw Luau bytecode, bypassing the sandbox Roblox has in place to protect your system. It could be possible for it to execute external programs from there.

3 Likes

They might be a security leak or something along the lines

1 Like

7 Likes

You can do a malware scan if it makes you feel safer, but unless you installed some weird plugin or have ran random code it shouldn’t have affected you much

2 Likes

Right now if you want to play safe you can uninstall roblox or don’t download random plugins

The technical term for the exploit is a “Remote Code Execution” (or RCE) exploit, which allows a malicious user to execute code on a system they don’t have physical access to. From what I saw posted externally, there was extra information that could have been put in the binary file of plugins (not posting the specifics here) distributed on Roblox that could run basically anything. This includes running programs outside of Roblox Studio. This is a really bad exploit, which is why an update was pushed out.

As several others have posted, double check your plugins are from the people you expect. Even if you didn’t do it recently, still double check because there could be other issues (i.e. adding admin script backdoors).

7 Likes

I was concerned about my game. If someone somehow found a way to insert scripts or something.

1 Like

probably not then, if an attacker abused this flaw they would’ve probably done so much worse

2 Likes

You should probably also be concerned on the device you use to create that game aswell though just saying, as this is MUCH worse than your game getting a backdoor to let people cheat in your game…

3 Likes

Just watched a GLC video on this, but it looks to be a vulnerability where people could run any software on your computer, including viruses and RATs through malicious plugins.

1 Like

What exactly is this again? Is this related to the ACE exploit that synapse had a little while ago? What did this do? I am confused :sweat:

With that said, I am glad that Roblox was on top of this quickly. Bravo engineers! :heart::heart::heart::heart:

3 Likes

What exactly is this again?

In a nutshell, an exploit that allows people to execute code using plugins; Roblox made a quick fix on this, and they’re still investigating this issue
The exploit is revolving around the 0x1D typeid, since that exact typeid is included into built-in plugins. In the disassembled source, it is officially denoted as literal bytecode

Is this related to the ACE exploit that synapse had a little while ago?

Correct, but this is much worse

What did this do?

Nothing as of now, since people seem to uninstall roblox studio until the issue has been resolved

1 Like

Honestly unbelievable that this kind of security vulnerability was even allowed to exist, but with the events we’ve seen this year so far (crosswoods incident), it’s not even surprising anymore.

We’re also quite lucky we haven’t seen any major plugin breaches so far, else this incident would’ve been much, much worse.

7 Likes

The exploit mainly focuses on the plugins, where they would backdoor your laptop after installing a untrusted plugin and then insert a RAT (Remote Control Trojan) in your computer. This is due to the fact that the plugin creators can actually execute raw Lua bytecode.
For now, before installing a plugin:

  • Look at the votes. If there is no votes or has votes below 55%, do not install it.
  • If a creator is unverified, there is a risk of you going to get a virus.
2 Likes