Results 1 to 2 of 2

Thread: Uplay DRM Security Flaw Fixed by Ubisoft

  1. #1
    Join Date
    May 2009
    Posts
    2,881

    Uplay DRM Security Flaw Fixed by Ubisoft

    Players who use the online Uplay client, published by Ubisoft, are invited to update the software since the versions previously distributed suffered a security breach to obtain code execution remotely from a single Web page.

    Tavis Ormandy, a security researcher at Google, has recently discovered the existence of a major security flaw in the browser extension system participant Uplay, published by Ubisoft and associated with many of its flagship titles.


    Uplay is as a software client that serves as an entry point for accessing the user's Ubisoft games. The platform allows the publisher to include valuing the purchase of new games by distributing, via codes, or access to exclusive content. During installation, the executable will also invite uplay.exe within the user's browser via an extension (plugin), allowing the launch of a game directly from a Web page.

    Problem that was discovered by Ormandy was, 2.0.3 and earlier versions of the Uplay installer were not limited to permit the execution of a game from the browser. Insufficiently secure, the plugin opened the way for remote code execution without verification.

    The case was soon to hit the mainstream on the Web, not without causing its share of harsh criticism. Ubisoft has responded quickly, on Monday, by proposing an update of the Uplay client, now available in version 2.0.4. The players involved have a vested interest to uninstall the version installed on their system prior to updating. They can also disable the plugin automatically associated with their browser via the Extensions menu of the latter.

  2. #2
    Join Date
    Mar 2005
    Posts
    554

    Re: Uplay DRM Security Flaw Fixed by Ubisoft

    A fault which, if exploited to fraudulently, allows to run any malware, spyware and other viruses hosted on another website. If you have not yet made the upgrade to Uplay 2.0.4 that fixes the flaw in question, it is better to disable the plugin to avoid. The list of games using Uplay on PC is very long and includes the biggest hits like Assassin's Creed series, Prince of Persia series, etc.

Similar Threads

  1. Trouble with simplying a fixed cost/fixed duration project plan
    By stewart AFTS in forum Microsoft Project
    Replies: 3
    Last Post: 20-02-2012, 07:02 PM
  2. Will there be a siri security flaw in iPhone 4S?
    By bIbEkS in forum Portable Devices
    Replies: 6
    Last Post: 11-10-2011, 08:40 PM
  3. Security flaw in Media Player
    By Abhibhava in forum Windows Software
    Replies: 5
    Last Post: 08-01-2010, 12:12 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •