Ubisoft DRM creates security exploit, since patched

Uplay PC application lets websites gain access to computers, company urges users to update launcher.


A security flaw in Ubisoft PC anti-piracy software was discovered this weekend which theoretically any website could exploit to gain access to a user's computer. The Uplay browser plugin which created the backdoor was exposed Sunday by a Google security engineer looking into the matter in his spare time, and corrected with a forced update from Ubisoft earlier today.

Never trust amorphous blobs with low-level system access.
Never trust amorphous blobs with low-level system access.

Security engineer Tavis Ormandy discovered the issue while looking into his installation of Assassin's Creed: Revelations, where he found the Uplay launcher gave its accompanying browser plugin "unexpectedly (at least to me) wide access to websites." Other users went on to make a demonstration site which was able to successfully launch Windows' calculator application on affected computers.

Ubisoft responded to the issue with a patch and a statement given to Rock Paper Shotgun and other sites, instructing users to update their Uplay applications as soon as possible. "Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

$9.98 on Walmart

GameSpot may get a commission from retail offers.

Got a news tip or want to contact us directly? Email news@gamespot.com

Join the conversation
There are no comments about this story