Elvui Vulnerability - Update to 7.08

Useful information about World of Warcraft Add-ons and in-game macros. Any hacks or violations of Blizzard's agreement are prohibited in this forum.
Post Reply
Bloodzugg

Elvui Vulnerability - Update to 7.08

Post by Bloodzugg » Fri Oct 17, 2014 4:52 pm

It was recently discovered that there was a backdoor coded into Elvui that gave the developer and his girlfriend remote access to the "chat" ui of any player in their group/raid.

http://www.reddit.com/r/wow/comments/2j ... remove_it/

http://us.battle.net/wow/en/forum/topic/14882288964

The summary is this. The developer coded a method such that if you had elvui, they could send a command that passed messages into your elvui which relayed the message to your own chat interface. This includes forcing your character to make statements in any channel you had access to, running commands that did not require accepting additional prompts such as /follow.

The code has been removed in versions 7.08 and above, but the choice to continue using the addon is purely yours. If you do choose to continue, you should at least get the latest update.

*Update: The Elvui Shadow & Light addon also contains malicious code.
http://imgur.com/a/TUvWy

User avatar
Karavanth
High Warlord
High Warlord
Posts: 4571
Joined: Wed Nov 28, 2007 7:48 pm
Class: Monk
Spec: Melee DPS
Location: Half awake, in a fake empire.

Re: Elvui Vulnerability - Update to 7.08

Post by Karavanth » Fri Oct 17, 2014 6:44 pm

So... That's horrifying. And immature.

Thanks for the heads up!!

Post Reply