Digital Spy

Search Digital Spy
0

Gaming News

Ubisoft's uPlay client represents huge security risk?

By
Ubisoft logo
Ubisoft's uPlay client poses a potential security risk to computers, it has been suggested.

Affecting titles such as Assassin's Creed: Revelations, Splinter Cell: Conviction and Ghost Recon: Future Soldier, the security vulnerability could potentially allow malicious websites to take control of a user's PC, reports Eurogamer.

It was discovered by programmer Tavis Ormandy, who said: "While on vacation recently I bought a video game called Assassin's Creed: Revelations. I didn't have much of a chance to play it, but it seems fun so far.

"However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites

"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it (I'm not really interested in video game security, I air-gap the machine I use to play games)."

Originally suspected to be a rootkit, which would potentially grant hackers access to sensitive files, it is now thought to be a simple oversight that can be switched off by disabling the uPlay browser plugin.

Ubisoft has so far not commented on the potentially exploitable code, but has been urged to swiftly update its uPlay service to prevent hackers from taking advantage of it.

The uPlay Passport was introduced with last year's Driver San Francisco.

In addition to registering games to a system, it provides players access to bonus content and online multiplayer features.

Update: Ubisoft has responded with the following statement:

"We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

"Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues."

Watch a trailer for Driver San Francisco below:

You May Like

Comments

Loading...