Ubisoft UPlay has serious security vulnerability
Ubisoft’s UPlay client appears to host a serious security vulnerability that could allow malicious websites to take control of your PC, according to programmer Tavis Ormandy, posting on the SecLists.Org’s “full disclosure” mailing list. The vulnerability affects anyone with key Ubisoft games installed, including several Assassin’s Creed releases (AC2 to Revelations), HAWX 2, Splinter Cell: Conviction and Ghost Recon: Future Soldier. “While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites,” Ormandy notes. “I don’t know if it’s by design, but I thought I’d mention it here in case someone else wants to look into it (I’m not really interested in video game security, I air-gap the machine I use to play games).” Read more…
