Announcement

Collapse
No announcement yet.

Ubisoft rush to fix security hole exposed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Ubisoft rush to fix security hole exposed

    Ubisoft rush to fix security hole exposed by plug-in
    Games affected include the massively popular Assassin's Creed series Mobile games pay off for Ubisoft
    Games maker Ubisoft has been forced to release an emergency patch to fix a security hole discovered in its Uplay application.

    A web browser add-on reportedly left users open to outside attackers gaining control of their computer.

    The Uplay software is bundled with major titles like Assassin's Creed.

    "We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said.

    "This will allow the plug-in to update correctly.

    "An updated version of the Uplay PC installer with the patch also is available from Uplay.com."

    Uplay is a system that allows gamers to earn points and rewards for performance which are logged online.

    As well as the multi-million-selling Assassin's Creed series, Uplay is also used with games such as Call of Juarez: San Francisco, Just Dance 3 and several titles in the Tom Clancy series.

    Vacation discovery

    The spokesman added: "Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues."

    The flaw was discovered by Tavis Ormandy, a Google employee.

    On a mailing list for information security experts and hobbyists, he wrote: "While on vacation recently I bought a video game called Assassin's Creed Revelations. I didn't have much of a chance to play it, but it seems fun so far.

    "However, I noticed the installation procedure creates a browser plug-in for it's accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

    It was discovered that any website could force users with the plug-in to open any program on their PC.

    To demonstrate this, one security researcher created a website proving the exploits' existence. When a person visited the website, the calculator program would launch.

    While the calculator is harmless, experts warned that the technique could be used to launch a potentially malicious program.

    #2
    Good to know.
    [img]https://farm5.staticflickr.com/4373/35734799443_53cb20ef13_z.jpg[/img]


    Killed by CLRs since 2004. WOOT!
    Support Cainslair. Donate here! [url]http://www.cainslair.org/billspaypal.php?[/url]

    Comment

    Cain's Lair Forums Statistics

    Collapse

    Topics: 26,187   Posts: 269,850   Members: 6,183   Active Members: 7
    Welcome to our newest member, Fermin13Q.

    Today's Birthdays

    Collapse

    There are no members with birthdays today.

    Top Active Users

    Collapse

    There are no top active users.

    More Posts

    Collapse

    • Reply to Hi guys!
      by Evil_T0NY {CLR}
      I've been Alpha and will be Beta testing the Delta Force game. It's been really getting good reviews! Definitely a good Battlefield feel to it like the...
      14 Nov 2024, 08:50 PM
    • Reply to Hope your all OK over there
      by Apache Warrior
      We had 17 inches of rain from the storm on November 7, 2024.
      Apache
      11 Nov 2024, 07:55 AM
    • Reply to Hope your all OK over there
      by Sirex
      Aye, I'm inclined to agree with that lmao
      Gone are the days of warm summers and snow filled winters here, nothing but rain and wind for 8mths of...
      10 Nov 2024, 08:53 PM
    • Reply to Hope your all OK over there
      by Apache Warrior
      Now we have had a lot of flooding in this area and there are still a lot of houses that have not been repaired. Must be the apocalypse.
      ...
      8 Nov 2024, 09:23 AM
    Working...
    X