Myce.com Latest Updates

Ubisoft DRM allows backdoor for malware

Posted 30 July 2012 17:37 CET by Kerry Brown

Ubisoft has been quite notorious amongst pc gamers for the digital rights management added to their games over the last few years. Their reputation may sink even lower now, if possible, due to a backdoor discovered by a programmer named Tavis Ormandy. The exploit is found in the Uplay software necessary to play many of Ubisoft’s current games. UPlay installs a browser plug-in, and that is where the exploit was discovered. It will allow a malicious hacker virtually complete access to your pc.

Disabling UPlay and UPlay PC Hub seems to close the exploit, but of course, this also keeps you from playing your games. Ubisoft has not released a statement, other than telling PC Gamer that they are “looking into” the problem.

You can read the story at Ars Technica, and find the original post from Mr. Ormandy here.

Edit: Ubisoft has responded to the reported exploit with a patch and this official comment:

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

DukeNukem
MyCE Resident Commenter
Posted on: 30 Jul 12 16:18
Looks like I won't be playing another Ubisoft game again... ever.
0 Agree

Mr. Belvedere
MyCE Resident
Posted on: 30 Jul 12 21:06
Oh well, they patched it.
0 Agree

coolcolors
MyCE Resident
Posted on: 31 Jul 12 03:01
Quote:
Originally Posted by Mr. Belvedere
Oh well, they patched it.

That's what they like us to believe.....
0 Agree

debro
Blown to smitherines
Posted on: 31 Jul 12 04:25
Quote:
Originally Posted by Mr. Belvedere
Oh well, they patched it.
I feel so much better, now that the company that rolled out the red carpet for malicious hackers said that they have fixed the problem.
0 Agree

Mr. Belvedere
MyCE Resident
Posted on: 31 Jul 12 06:40
Quote:
Originally Posted by coolcolors
That's what they like us to believe.....
I'm pretty sure their single purpose in life is to mess with their customers.
0 Agree

Register
Login

Register to Myce.com

Register in 10 seconds, pick a username, enter your mail address and proof you're human, that's all!

An username is required and can only contain letters and numbers
Email is required, we'll send the password there

Welcome back

Sign in with your Myce account. Not a member yet? Create an account

A username is required and can only contain letters and numbers
A password is required

Post your comment