Ubisoft DRM exploit opens PCs to security risk

[+Frank B. Subscriber²]

Ubisoft DRM exploit opens PCs to security risk

There's no fix available yet, but Ubisoft is "looking into" the issue.

Ubisoft hasn't exactly garnered much goodwill among PC gamers thanks to the controversial DRM efforts it has attached to its PC releases over the years. That goodwill seems likely to decline even more with the revelation that installing the company's UPlay game management system can apparently open up your computer to malicious code insertion.

The exploit, publicized this morning by programmer Tavis Ormandy, utilizes a bug in a browser plug-in installed alongside the UPlay software that's needed to run many of the publisher's recent PC games. With the plugin installed, opening a link to a page with a specific bit of Javascript code allows that page to open up the UPlay software and load seemingly any code it wants onto your PC (an example page posted by Ormandy will load a new copy of the Microsoft calculator onto any system that's affected by the security hole).

Disabling the "UPlay" and "UPlay PC Hub" plugins on your browser seems to stop the exploit, but if you'd rather be safe than sorry, it's probably best to unistall UPlay altogether while waiting for a fix to come in.

Ubisoft didn't immediately responded to a request for comment on the matter, but PC Gamer has been told the company is "looking into" the issue.

Source: Ars Technica

[nominak]

Go into your web browser and disable the uPlay plug-in. Issue fixed.

[Vice]

DRM only affects paying customers. Pirates have no problem getting any game they want and without these issues. DRM doesn't work and they should be ashamed.

[CentralDogma]

Shameful!

[Rudy]

Go into your web browser and disable the uPlay plug-in. Issue fixed.

I would disagree since a lot of users might not be aware they have this security hole (before yesterday everyone had the hole and were at risk)

[Singh400]

They've rolled out a fix now. Still doesn't excuse this in the first place!

[+BeLGaRaTh Subscriber¹]

I deleted these files from Firefox and Opera a while back (the only two browsers I use) They appeared after UPlay was upgraded to 2.0 and I spotted them more or les straight away as I am quite paranoid about software on my machine so checks those extensions etc quite a bit.

I thought it was something like what BF3 was trying to do, but seeing as I dont launch ubisoft games through my browser I deleted them.

[M_Lyons10]

This is one of my main issues with DRM. No software like this (That gets updated as infrequently as DRM) should be installed on this many computers and more often than not at this point connected to the internet. It's asking for problems.

[chrisj1968]

this goes hand in hand with the fact that, after almost 2 months since the game was released, they haven't fixed any of the issues that causes most people to not be able to run the game. Now word from UBISOFT forums is that they are still trying to test the TU1.4(new name for patch 1.4). my thinking is, the gamers will flee to other titles when TU 1.4 does release.

as UBISOFT sinks beyond the horizon...... :rofl:

[+Majesticmerc MVC]

Seriously, why do PC gamers keep buying Ubisoft ****? They've made it very clear that they don't like us, don't want us to play their games, and seem to go out of their way to make life hard for us. The PC ports of their games are always terrible, they're given little more than lip service in terms of patches once they're released. The only Ubi game I've bought in 6 years was Splinter Cell Conviction, and even then I wish I hadn't.

Really, don't want to put up with this crap? Don't buy their games, don't even pirate them, just let them take the hint that we don't want the **** they're pedaling.

[remixedcat]

same thing with origin...

[Jack 0Neill]

There's no fix available yet, but Ubisoft is "looking into" the issue.

Not defending Ubisoft, but...

Fix has been out since before the article was published.