Announcement

Collapse
No announcement yet.

Ubisoft rush to fix security hole exposed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Ubisoft rush to fix security hole exposed

    Ubisoft rush to fix security hole exposed by plug-in
    Games affected include the massively popular Assassin's Creed series Mobile games pay off for Ubisoft
    Games maker Ubisoft has been forced to release an emergency patch to fix a security hole discovered in its Uplay application.

    A web browser add-on reportedly left users open to outside attackers gaining control of their computer.

    The Uplay software is bundled with major titles like Assassin's Creed.

    "We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said.

    "This will allow the plug-in to update correctly.

    "An updated version of the Uplay PC installer with the patch also is available from Uplay.com."

    Uplay is a system that allows gamers to earn points and rewards for performance which are logged online.

    As well as the multi-million-selling Assassin's Creed series, Uplay is also used with games such as Call of Juarez: San Francisco, Just Dance 3 and several titles in the Tom Clancy series.

    Vacation discovery

    The spokesman added: "Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues."

    The flaw was discovered by Tavis Ormandy, a Google employee.

    On a mailing list for information security experts and hobbyists, he wrote: "While on vacation recently I bought a video game called Assassin's Creed Revelations. I didn't have much of a chance to play it, but it seems fun so far.

    "However, I noticed the installation procedure creates a browser plug-in for it's accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

    It was discovered that any website could force users with the plug-in to open any program on their PC.

    To demonstrate this, one security researcher created a website proving the exploits' existence. When a person visited the website, the calculator program would launch.

    While the calculator is harmless, experts warned that the technique could be used to launch a potentially malicious program.

    #2
    Good to know.
    [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


    Killed by CLRs since 2004. WOOT!
    Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

    Comment

    Cain's Lair Forums Statistics

    Collapse

    Topics: 26,182   Posts: 269,814   Members: 6,176   Active Members: 3
    Welcome to our newest member, 28Farrell8.

    Today's Birthdays

    Collapse

    Top Active Users

    Collapse

    There are no top active users.

    More Posts

    Collapse

    • Reply to 6 years
      by Apache Warrior
      6 Mar 2024, 08:29 AM
    • Reply to 6 years
      by Sirex
      I think there is like a magical time span when bikes become worth a fortune.

      Yeah thought its now or never haha
      Just hit 2.5K miles...
      5 Mar 2024, 04:37 PM
    • Reply to Hey Guys...It's BrundleFly
      by Sirex
      Hey Brundle nice to see your post I remember you very well hows thing with you.

      Not a busy place here these days but its still up and occasionally...
      5 Mar 2024, 04:34 PM
    • Reply to Hell Let Loose
      by Sirex
      Hey nice to see you

      Its not a busy place, least not as busy as it once was but you still get the odd message posted every few weeks...
      5 Mar 2024, 04:31 PM
    • Reply to I had Open Heart Surgery!!
      by Sirex
      Wow its amazing how well the body can cope with things it deams normal.

      Hope your recovering well and back to full steam.

      OH...
      5 Mar 2024, 04:28 PM
    • Reply to I had Open Heart Surgery!!
      by Apache Warrior
      I am glad you are recovering and will soon be back in good health.
      Apache...
      18 Feb 2024, 05:36 AM
    Working...
    X