Myce.com Latest Updates

Ubisoft DRM allows backdoor for malware

Posted at 30 July 2012 17:37 CEST by Kerry Brown

Ubisoft has been quite notorious amongst pc gamers for the digital rights management added to their games over the last few years. Their reputation may sink even lower now, if possible, due to a backdoor discovered by a programmer named Tavis Ormandy. The exploit is found in the Uplay software necessary to play many of Ubisoft’s current games. UPlay installs a browser plug-in, and that is where the exploit was discovered. It will allow a malicious hacker virtually complete access to your pc.

Disabling UPlay and UPlay PC Hub seems to close the exploit, but of course, this also keeps you from playing your games. Ubisoft has not released a statement, other than telling PC Gamer that they are “looking into” the problem.

You can read the story at Ars Technica, and find the original post from Mr. Ormandy here.

Edit: Ubisoft has responded to the reported exploit with a patch and this official comment:

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

Click to share

There are 5 comments

DukeNukem
MyCE Resident Commenter
Posted on: 30 Jul 12 18:18
    Looks like I won't be playing another Ubisoft game again... ever.
    Mr. Belvedere
    MyCE Resident
    Posted on: 30 Jul 12 23:06
      Oh well, they patched it.
      coolcolors
      MyCE Resident
      Posted on: 31 Jul 12 05:01
        Quote:
        Originally Posted by Mr. Belvedere
        Oh well, they patched it.

        That's what they like us to believe.....
        debro
        Blown to smitherines
        Posted on: 31 Jul 12 06:25
          Quote:
          Originally Posted by Mr. Belvedere
          Oh well, they patched it.
          I feel so much better, now that the company that rolled out the red carpet for malicious hackers said that they have fixed the problem.
          Mr. Belvedere
          MyCE Resident
          Posted on: 31 Jul 12 08:40
            Quote:
            Originally Posted by coolcolors
            That's what they like us to believe.....
            I'm pretty sure their single purpose in life is to mess with their customers.

            Post your comment

            You need to register before you can comment

            Like us

            Most popular headlines

            Android Lollipop Preview build LPX13D hands on

            Google today released the second version of Android L Preview. The latest versio...

            Kingston HyperX Fury 240GB SSD review

            • Sun 19 Oct 09:10 by Vroom

              Review: Kingston HyperX Fury Reviewe...

            Microsoft continues fight against adware - forbids fake close buttons

            Microsoft has announced stricter rules for adware, the company will now also con...

            Freedom hack allows Android in-app purchases without paying

            An Android application called "Freedom" is spreading on the internet a...

            Malwarebytes - Myce Exclusive Discount Promotion

            At Myce we're always keen to bring the best discounts, promotions, and offers to...

            See all headlines

            Community Activities

            Follow Myce.com