I don't know how true this is but given the history of hackers and lack of response by rockstar plus the extent from personal experience that hackers can influence the game it wouldn't surprise me. Plus Rockstar never care about things unless it causes a dip in shark cards sales.
Not sure what can be done or how great the threat is maybe never go into public sessions run with a vpn or just don't play just to be safe.
Comments
While corrupting game files through mods is believable, RCE without evidence is a stretch. That would require privilege elevation, breaking the process boundary or arbitrary code execution outside of the user save file directory. Mods aren't arbitrary code because they must run within an engine, it's not like malware spawning new processes.
IP leaking is a problem for content creators and yes, R* should fix that but that's not RCE evidence. You can avoid that playing with friends in closed sessions but then with the prevalence of hackers, you can only play the game that way anyway.
Additionally, there are cabals of security research teams that hunt for RCE bounties and I guarantee we'd have seen R* CVEs appear by now.
R* should fix their buggy, hacker ridden mess (they won't) but RCE sounds amazingly unlikely.
Yeah it did seem like a bit of a stretch but the rest of it seems verifiable and that in and of itself is a good reason not to ever boot the thing into a public lobby. Since it always boots into a public lobby by default unless you do the single player then multiplayer dance it seems worth being extra careful
So now there's a CVE for the hack mod that people have been using to do damage to the accounts (turned up on my morning security press trawl).
They're saying it's only a partial RCE because it can't break out of the engine. However, if there is one fat hole then there might be another. The attack appears to require IP, so either VPN or stay out of public lobbies!
Bland but at least they are acknowledging it!