TweakTown
Tech content trusted by users in North America and around the world
6,077 Reviews & Articles | 39,025 News Posts
TRENDING NOW: GTA V will offer first-person mode on foot, and in vehicles on PC

Ubisoft accidentally installed a backdoor with its DRM

Ubisoft's DRM had a vulnerability in its browser plug-in which has now been patched

| Hacking & Security News | Posted: Jul 30, 2012 6:29 pm

Earlier today, stories were hitting the web that Ubisoft's DRM installed a browser plug-in that contained a backdoor. Ubisoft acted quickly and has released a patch to fix the security hole as it turns out that the backdoor was an accident and was in no way meant to be there, or at least not exploitable as it was.

 

TweakTown image news/2/5/25067_1_ubisoft_accidentally_installed_a_backdoor_with_its_drm.png

 

Tavis Ormandy, a Google security engineer, found the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Mr. Ormandy went as far as to post a few lines of Javascript as an untested proof of concept. This morning, the story made it onto Hacker News along with a working proof of concept.

 

The list of games which come with Uplay, and the vulnerability, are as follows:

 

Assassin's Creed II

Assassin's Creed: Brotherhood

Assassin's Creed: Project Legacy

Assassin's Creed Revelations

Assassin's Creed III

Beowulf: The Game

Brothers in Arms: Furious 4

Call of Juarez: The Cartel

Driver: San Francisco

Heroes of Might and Magic VI

Just Dance 3

Prince of Persia: The Forgotten Sands

Pure Football

R.U.S.E.

Shaun White Skateboarding

Silent Hunter 5: Battle of the Atlantic

The Settlers 7: Paths to a Kingdom

Tom Clancy's H.A.W.X. 2

Tom Clancy's Ghost Recon: Future Soldier

Tom Clancy's Splinter Cell: Conviction

Your Shape: Fitness Evolved

 

Ubisoft has issued a statement regarding the vulnerability. They say that a patch has been provided and is a forced patch. It's important to update now that the proof of concept has been released. The statement is below for your viewing pleasure:

 

We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

 

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.

NEWS SOURCES:Techreport.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases