Ubisoft stoppers Uplay plug-in hole

Summary: Games developer Ubisoft has patched a serious vulnerability in a plug-in for its Uplay DRM software that could have allowed a hacker to take remote control of a user's computer.

Games company Ubisoft has patched a serious vulnerability that could have allowed a hacker to take over a victim's computer.

Ubisoft has patched a hole in its Uplay browser plug-in. Image credit: Ubisoft

The flaw lay in a browser plug-in for Uplay, Ubisoft's in-game rewards and connection system, and could have allowed a malicious website to take control of a victim's computer, the company said.

The hole, found by Google security researcher Tavis Ormandy, was patched on Monday.

"We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today," Ubisoft said in a statement. "We recommend that all Uplay users update their Uplay PC application without a web browser open. This will allow the plug-in to update correctly."

"The browser plug-in that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they're being made," the company added. "This weakness could allow the application to specify any executable to run, rather than just a game."
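The weakness described in that statement is a launcher that lets its caller name the program to run. The sketch below is an added example, not Ubisoft's code or its patch: a launch handler that accepts only a game identifier and allowlisted options from the web page and resolves the executable itself. The registry, field names and paths are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical registry of installed titles (constructed sample data).
# The executable path comes from here, never from the web request.
INSTALLED_GAMES = {
    "game-001": {"exe": r"C:\Games\Example One\game.exe",
                 "options": {"-windowed", "-lang=en"}},
    "game-002": {"exe": r"C:\Games\Example Two\game.exe",
                 "options": set()},
}

ALLOWED_FIELDS = {"game_id", "options"}


class LaunchRejected(ValueError):
    """Raised when an untrusted launch request fails validation."""


@dataclass(frozen=True)
class LaunchPlan:
    exe: str
    argv: tuple  # argument vector for a process API that does not use a shell


def plan_launch(request: dict) -> LaunchPlan:
    """Turn an untrusted request from a web page into a launch plan."""
    # Reject any field that could carry a path or a raw command line.
    unexpected = set(request) - ALLOWED_FIELDS
    if unexpected:
        raise LaunchRejected(f"unexpected fields: {sorted(unexpected)}")

    game_id = request.get("game_id")
    if not isinstance(game_id, str) or game_id not in INSTALLED_GAMES:
        raise LaunchRejected("unknown game id")
    entry = INSTALLED_GAMES[game_id]

    options = request.get("options", [])
    if not isinstance(options, list) or not all(isinstance(o, str) for o in options):
        raise LaunchRejected("options must be a list of strings")
    # Exact-match allowlist per title: no free-form developer arguments.
    bad = [o for o in options if o not in entry["options"]]
    if bad:
        raise LaunchRejected(f"options not allowed for {game_id}: {bad}")

    return LaunchPlan(exe=entry["exe"], argv=(entry["exe"], *options))
```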

An updated version of the Uplay PC installer with the patch is also available from Uplay.com, the company said.

The patch will also update users' clients to Uplay version 2.0.4.

Ubisoft denied reports that Uplay contained a rootkit - a piece of software created to stealthily allow access to a computer.

"The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilises which suffered from a coding error that allowed systems usually used by Ubisoft PC game developers to make their games," said the company.

Companies are coming under increasing pressure to allow employees to use their own computing devices, a trend known as 'BYOD', or 'bring your own device'. BYOD brings vulnerabilities introduced into home devices, for example through gaming platforms, into the sphere of enterprise concerns.

Topics: Security, Consumerization

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
