Nvidia GeForce Now has a nasty security flaw — what to do now

Nvidia GeForce Now
(Image credit: Nvidia)

Windows users of Nvidia's GeForce Now cloud-gaming service need to update their desktop software, as there's a serious security flaw that could let malware take over the PC.

You've got to update the Windows GeForce Now client software to at least version, per an Nvidia security advisory. The Mac, Chrome OS, Android and Nvidia Shield GeForce Now clients are not affected.

"NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges," states the advisory.

In plain English, according to Threatpost, this means that an attacker with access to the PC — perhaps a person, or perhaps a piece of malware that got installed by other means — would be able to plant a booby-trapped file that the GeForce Now program could load and run. That in turn could lead to further malware infection or attacker control of the machine.

You can update GeForce Now to version by simply launching the application. The new version should automatically download itself, after which you need to follow the prompts to install it. If that doesn't work, Nvidia has a help page recommending various measures to take.

GeForce Now is a freemium subscription service that lets gamers play games on Nvidia's own servers, accessing the games remotely from client machines. It isn't the same as the GeForce Experience software that's used to manage Nvidia graphics-card settings and driver updates.

The games are bought from Steam or other digital distributors. You've got to pay $5 per month for game sessions lasting longer than an hour. 

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.