Posted on July 30, 2012, Ben Richardson UPlay Browser Plug-in Compromises PC Security
As reported by Rock, Paper, Shotgun and Geek.com (among others), a previously unidentified browser plug-in installed by Ubisoft’s Uplay DRM service poses grave risks to the security of PC’s with Uplay installed.
Thanks to Ubisoft’s negligence, hackers could theoretically exploit the plug-in via innocuous-looking websites, calling up vulnerable Uplay browser windows and using them to install or launch all manner of software. Once the exploit succeeds, the possibilities range from keylogging to wiped hard-drives.
UPDATE: Ubisoft have issued a patch which should close the security hole, though the company stopped short of offering an apology, or explaining why the problem existed in the first place:
“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”