December 4, 2016

Ubisoft forced to release patch after security hole found in its Uplay browser plug-in

(LiveHacking.Com) – The web browser plug-in that comes with Ubisoft’s copy protection and social networking system Uplay has a huge security vulnerability which allows any hacker to create a webpage which can run arbitrary code on the affected PC. By using just a few lines of JavaScript it is possible to persuade the plugin to run an arbitrary executable. The problem was discovered by Google security expert Tavis Ormandy. While on  vacation he bought “Assassin’s Creed Revelations” and reported his findings, including some test code which launched the built-in Windows calculator, on the Full Disclosure mailing list. While the calculator is of course harmless, the technique could be used to launch a potentially malicious program.

“I noticed the installation procedure creates a browser plugin for its accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites,” wrote Tavis.

The Uplay software, which is bundled with major titles like Assassin’s Creed,  Call of Juarez: San Francisco, Just Dance 3 and several titles in the Tom Clancy series, allows gamers to earn points and rewards for performance which are logged online.

Since the disclosure Ubisoft has released Uplay 2.0.4 to fix the problem. “We have just released a new patch for Uplay PC, which will update your client to version 2.0.4. This patch corrects a flaw in the browser plug-in that was brought to our attention earlier today. We recommend that you update your Uplay PC application without a web browser open, as this will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch is also available from Uplay.com,” wrote Korchaa, a Uplay Community Developer for Ubisoft. “Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

Some web sites are going as far to call the flaw in the plug-in a “rootkit”. “The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user’s consent. If this was limited just to the Uplay service with regard to checking games are legal it would still be a major concern, but the fact any website could potentially use the plugin escalates the seriousness of what is happening here,” wrote Matthew Humphries.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks