Report: Ubisoft's UPlay service may have browser exploit on PC
Between delays and draconian DRM, Ubisoft doesn't exactly have the best track record when it comes to the PC versions of its products. We might have to add browser exploits to that list, if a post on Seclists.org is to be believed. According to a poster by the name of Tavis Ormandy, Ubisoft's UPlay browser plugin, designed to let users launch a game from the web, contains an exploit - namely one that allows "wide access to websites."
Ormandy discovered the flaw in the PC version of Assassin's Creed Revelations, though it's reasonable to assume it would appear in all of Ubisoft's UPlay enabled PC titles.
The upshot of this, according to TechDirt, is that the exploit could allow any website - i.e. "bad websites" - access to your computer. Both Joystiq and Engadget have contacted Ubisoft to confirm the flaw. In the meantime, you may want to disable the UPlay browser plugin.
Ormandy discovered the flaw in the PC version of Assassin's Creed Revelations, though it's reasonable to assume it would appear in all of Ubisoft's UPlay enabled PC titles.
The upshot of this, according to TechDirt, is that the exploit could allow any website - i.e. "bad websites" - access to your computer. Both Joystiq and Engadget have contacted Ubisoft to confirm the flaw. In the meantime, you may want to disable the UPlay browser plugin.
Related Posts:
- Ubisoft Responds To UPlay Security Drama, Issues Patch - rockpapershotgun
- Ubisoft's uPlay Has a Security Hole. Here's How You Can Fix It. - kotaku
- PSA: Possible Security Risk In Some Ubisoft PC Games - rockpapershotgun
