It’s quite a short changelog, as presumably CDPR were looking to get this particular issue solved quickly. “This update addresses the vulnerability that could be used as part of remote code execution (including save files),” they say in the patch notes. They’ve “fixed a buffer overrun issue,” and “removed/replaced non-ASLR DLLs.” As a refresher on what was going on, CDPR explained to Eurogamer earlier this week: The modder credited with identifying the vulnerability has explained in a post that “Although executable mods will always be potentially dangerous, asset archives and save files always look harmless(because they SHOULD be as harmless as text files). This vulnerability impacts mods of these data files and make them execute arbitrary code when loaded by the game.” There’s a much longer explanation of exactly which kinds of mods could be used to exploit this vulnerability in the main post as well. With this hotfix out and downloaded it’s at least slightly safer to go back to installing your mods of choice and sharing save files. Probably. Unless something else major comes up. If you happen to be shopping around for some, RPS has you covered with a list of the best Cyberpunk 2077 mods.
