Ubisoft DRM creates security exploit, since patched

Uplay PC application lets websites gain access to computers, company urges users to update launcher.

Comments

Related
Assassin's Creed: Revelations
Follow

A security flaw in Ubisoft PC anti-piracy software was discovered this weekend which theoretically any website could exploit to gain access to a user's computer. The Uplay browser plugin which created the backdoor was exposed Sunday by a Google security engineer looking into the matter in his spare time, and corrected with a forced update from Ubisoft earlier today.

Never trust amorphous blobs with low-level system access.
Never trust amorphous blobs with low-level system access.

Security engineer Tavis Ormandy discovered the issue while looking into his installation of Assassin's Creed: Revelations, where he found the Uplay launcher gave its accompanying browser plugin "unexpectedly (at least to me) wide access to websites." Other users went on to make a demonstration site which was able to successfully launch Windows' calculator application on affected computers.

Ubisoft responded to the issue with a patch and a statement given to Rock Paper Shotgun and other sites, instructing users to update their Uplay applications as soon as possible. "Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

Got a news tip or want to contact us directly? Email news@gamespot.com

  •   View Comments (0)
    Join the conversation
    There are no comments about this story