Gaming company Ubisoft has moved to patch a security flaw in its Uplay application, following complaints of a rootkit that emerged yesterday.
Google security researcher Tavis Ormandy found the flaw, after buying the game ‘Assassin’s Creed Revelations’. He discovered that during the installation procedure, the Uplay browser add-on was granting Ormandy “unexpectedly (at least to me) wide access to websites”.
It was determined that specially-crafted websites could force the computers with the plug-in running to open certain programs. A researcher proved this by making a calculator launch when a person running Uplay visited such a site.
The methodology could be used for far more malicious actions. But it will no longer work, thanks to sharp work from the Ubisoft security team, which said reports of a rootkit in the Digital Rights Management (DRM) part of its software were incorrect.
“We have just released a new patch for Uplay PC, which will update your client to version 2.0.4. This patch corrects a flaw in the browser plug-in that was brought to our attention earlier today,” the games maker said on Facebook yesterday.
“We recommend that you update your Uplay PC application without a web browser open, as this will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch is also available from Uplay.com.
“Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”
Are you a security nerd? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…