Sign up for a new account or log in here:
Ubisoft’s always-on DRM mechanisms have been a point among a majority of gamers who feel they are a hassle to paying customers and ineffective at thwarting pirates. Well, it appears that even more worrisome side-effects are possible too, with the revelation that installing the company's UPlay game management system can open up your computer to malicious code insertion through the web browser.
The flaw was disclosed by Google security engineer Tavis Ormandy this morning, who noted that a browser plugin installed alongside Uplay, meant to launch locally-stored games from the web, doesn't have a filter for what websites can use it. This essentially left an open door on thousands of machines that can be exploited via a maliciously crafted web page.
Ubisoft has since released an update for their browser plug-in (found in over 20 different titles) to address the issue. You can also disable the plug-in altogether in your browser settings. Below is the company’s official statement and the full list of games that install the plug-in in question:
“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”
List of Uplay enabled games
Get free exclusive content, learn about new features and breaking tech news.