Ubisoft's Uplay System Contains "Serious Security Vulnerability"
Malicious websites could access your PC.
Ubisoft's Uplay system contains a "serious security vulnerability" that allows malicious websites to break into your PC and control it without your knowledge.
The claim, supported up by fellow IT security specialists and confirmed by Eurogamer's in-house tech-fetishists Digital Foundry, originated from Google security engineer Tavis Ormandy. The vulnerability was originally reported to be an intentional rootkit included in Ubisoft's DRM, but further investigation has concluded that Uplay just features "really bad code."
Full details of the exploit can be found on SecLists.org's mailing list. It affects anyone who has installed a Ubisoft PC game in the past - as many as 21 titles. These include:
Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved
Digital Foundry offers some guidance to gamers who have installed these games. "Anyone with a PC title installed using the UPlay system can prevent the exploit from working by disabling the UPlay browser plug-in - in theory, it's as simple as that. Stopping the browser from running the plug-in closes the backdoor, and without that crucial bridge, malicious HTML based on this exploit will not function."
Sources: Geek, Digital Foundry
The claim, supported up by fellow IT security specialists and confirmed by Eurogamer's in-house tech-fetishists Digital Foundry, originated from Google security engineer Tavis Ormandy. The vulnerability was originally reported to be an intentional rootkit included in Ubisoft's DRM, but further investigation has concluded that Uplay just features "really bad code."
Full details of the exploit can be found on SecLists.org's mailing list. It affects anyone who has installed a Ubisoft PC game in the past - as many as 21 titles. These include:
Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved
Digital Foundry offers some guidance to gamers who have installed these games. "Anyone with a PC title installed using the UPlay system can prevent the exploit from working by disabling the UPlay browser plug-in - in theory, it's as simple as that. Stopping the browser from running the plug-in closes the backdoor, and without that crucial bridge, malicious HTML based on this exploit will not function."
Sources: Geek, Digital Foundry
Companies:
Ubisoft
Read More Like This