Myce.com Latest Updates

Ubisoft DRM allows backdoor for malware

Posted at 30 July 2012 17:37 CET by Kerry Brown

Ubisoft has been quite notorious amongst pc gamers for the digital rights management added to their games over the last few years. Their reputation may sink even lower now, if possible, due to a backdoor discovered by a programmer named Tavis Ormandy. The exploit is found in the Uplay software necessary to play many of Ubisoft’s current games. UPlay installs a browser plug-in, and that is where the exploit was discovered. It will allow a malicious hacker virtually complete access to your pc.

Disabling UPlay and UPlay PC Hub seems to close the exploit, but of course, this also keeps you from playing your games. Ubisoft has not released a statement, other than telling PC Gamer that they are “looking into” the problem.

You can read the story at Ars Technica, and find the original post from Mr. Ormandy here.

Edit: Ubisoft has responded to the reported exploit with a patch and this official comment:

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

Click to share

There are 5 comments

DukeNukem
MyCE Resident Commenter
Posted on: 30 Jul 12 18:18
    Looks like I won't be playing another Ubisoft game again... ever.
    Mr. Belvedere
    MyCE Resident
    Posted on: 30 Jul 12 23:06
      Oh well, they patched it.
      coolcolors
      MyCE Resident
      Posted on: 31 Jul 12 05:01
        Quote:
        Originally Posted by Mr. Belvedere
        Oh well, they patched it.

        That's what they like us to believe.....
        debro
        Blown to smitherines
        Posted on: 31 Jul 12 06:25
          Quote:
          Originally Posted by Mr. Belvedere
          Oh well, they patched it.
          I feel so much better, now that the company that rolled out the red carpet for malicious hackers said that they have fixed the problem.
          Mr. Belvedere
          MyCE Resident
          Posted on: 31 Jul 12 08:40
            Quote:
            Originally Posted by coolcolors
            That's what they like us to believe.....
            I'm pretty sure their single purpose in life is to mess with their customers.

            Post your comment

            You need to register before you can comment

            Like us

            Most popular headlines

            Nexus Player to be codenamed Fugu and powered by Intel Atom SoC (updated)

            Traces in the Android source code give us hints that the next Nexus device will ...

            A look inside Google's secret and huge datacenters: cables and pipes

            It's likely you haven't seen a datacenter from the inside before and certainly n...

            Free software decrypts and converts Blu-ray disc to 2% of its size with nearly same quality

            The Spanish company CineMartin claims to have developed software that makes it p...

            Virus scanner Avast 2015 checks router and network security

            Anti-virus company Avast released the 2015 version of their virus scanner w...

            Windows 7 no longer sold to consumers - all about Windows 8.1 now

            Microsoft will no longer sell computers with Windows 7 installed starting t...

            See all headlines
            Follow Myce.com