INQUISITR.COM / Entertainment

Ubisoft Addresses Uplay Plugin Security Flaw

By Daniel McCall
Published on: 13:45 PST, Jul 30, 2012

If you have Ubisoft’s Uplay client and the associated browser plugin installed on your computer, you may want to pay attention–the company announced that it has confirmed and addressed (via a patch) a nasty exploit involving the plugin.

Reports of the exploit first began surfacing early morning. As RPS reported, the browser plugin for Uplay, which allowed for launching games directly from the browser, contained a major security flaw that could also allow ne’er-do-wells to launch any program on a user’s machine with the plug-in installed. Essentially, the plug-in acts as an unintentional backdoor.

Fortunately, Ubisoft was able to get the vulnerability fixed relatively quickly, and a patch has been releas“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today,” the publisher said today. “We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly”.

For more information on the exploit, and what to do if you have the browser plugin, see below for more information directly from Ubisoft.

The Situation:

The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.

Corrective Measures:

The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plugin so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.

Patching:

To update your Uplay client and apply the patch:

-Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.) If the web browser is open during the patch it will require restarting the browser.

-Launch the Uplay PC client. The Uplay PC client update will start automatically.

An updated version of the Uplay PC installer is also available to download from Uplay.com.

Q&A:

Q: Is the issue a rootkit as was reported by various media outlets?

The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed systems usually used by Ubisoft PC game developers to make their games.

Q: Is this issue related to DRM?

No. The browser plugin issue is just for launching the Uplay application.

Q: Can the browser plugin still launch other executables (programs)?

The browser plugin can now only launch the Uplay application.

Share this article: Ubisoft Addresses Uplay Plugin Security Flaw

ubisoft

Popular On Inquisitr

Ubisoft Addresses Uplay Plugin Security Flaw

Here's Looking at How Billionaire Taylor Swift Spends Her Money

Kate Middleton Might have Gotten Her Prince, But Her Sister Pippa is the Rich One Rolling in Money

Donald Trump's Eyebags Stand Out at Hush Money Trial: 'Pink Eyeliner Was a Bold Choice'

When Donald Trump's Late Wife Ivana Trump Recalled His Betrayal, Said "I Feel Bad for Melania Trump"

Donald Trump Supporter Claimed He Was Kicked out of the Army for Having a Photo of the Ex-President