Skip to main content

Ubisoft Patches uPlay Browser Plug-In Backdoor Flaw

Bringing up Ubisoft's always-online DRM through uPlay is sure to elicit groans of annoyance and protest from any PC gamer. The latest issue with uPlay is only sure to aggravate them even further.

Google information security engineer Tavis Ormandy discovered that the browser plugin to launch uPlay opened up a backdoor that allowed any website access to a user's computer.

" …I bought a video game called "Assassin's Creed Revelations". I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it's [sic] accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites," wrote Ormandy in a post on Seclists.org. 

Luckily, Ubisoft was quick to respond to the exploit and managed to release a patch that fixed the issue within a day.

"We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly," said Ubisoft in a statement.

Considering that 21 Ubisoft titles use uPlay, among them some of Ubisoft's biggest titles—the Assassin's Creed series, Driver: San Francisco, and Ghost Recon: Future Soldier—it was imperative that Ubisoft quickly resolve the issue. So far, there's been no word on whether or not any uPlay users have been hacked as a result of the exploit.

 

Contact Us for News Tips, Corrections and Feedback