Thursday, July 24, 2014
Search
  
Monday, July 30, 2012
 Ubisoft To Fix Security Hole Exposed By Games' Plug-in
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail: * Required!
Recipient (e-mail): *
Subject: *
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
 
Message Text: Ubisoft has been forced to release an emergency patch to fix a security hole discovered in its Uplay application.

The Uplay copy protection system from the game publisher Ubisoft comes with a browser plugin that tears a huge security hole in the computer. It is possible for attackers to use JavaScript to persuade the plugin to launch arbitrary processes. The problem was discovered by Google security expert Tavis Ormandy, who, while on vacation, bought "Assassin's Creed Revelations" and reported his observations on the Full Disclosure mailing list:

"While on vacation recently I bought a video game called Assassin's Creed Revelations. I didn't have much of a chance to play it, but it seems fun so far.

"However, I noticed the installation procedure creates a browser plug-in for it's accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

Uplay is a system that allows gamers to earn points and rewards for performance which are logged online. The Uplay software is bundled with major titles like Assassin's Creed.

"We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said.

"This will allow the plug-in to update correctly.

"An updated version of the Uplay PC installer with the patch also is available from Uplay.com."
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .