TweakTown
Tech content trusted by users in North America and around the world
5,673 Reviews & Articles | 36,065 News Posts
Weekly Giveaway: Fractal Design Arc Cases Contest (Global Entry!)

Ubisoft accidentally installed a backdoor with its DRM

Ubisoft's DRM had a vulnerability in its browser plug-in which has now been patched

| Hacking & Security News | Posted: Jul 30, 2012 6:29 pm

Earlier today, stories were hitting the web that Ubisoft's DRM installed a browser plug-in that contained a backdoor. Ubisoft acted quickly and has released a patch to fix the security hole as it turns out that the backdoor was an accident and was in no way meant to be there, or at least not exploitable as it was.

 

TweakTown image news/2/5/25067_1_ubisoft_accidentally_installed_a_backdoor_with_its_drm.png

 

Tavis Ormandy, a Google security engineer, found the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Mr. Ormandy went as far as to post a few lines of Javascript as an untested proof of concept. This morning, the story made it onto Hacker News along with a working proof of concept.

 

The list of games which come with Uplay, and the vulnerability, are as follows:

 

Assassin's Creed II

Assassin's Creed: Brotherhood

Assassin's Creed: Project Legacy

Assassin's Creed Revelations

Assassin's Creed III

Beowulf: The Game

Brothers in Arms: Furious 4

Call of Juarez: The Cartel

Driver: San Francisco

Heroes of Might and Magic VI

Just Dance 3

Prince of Persia: The Forgotten Sands

Pure Football

R.U.S.E.

Shaun White Skateboarding

Silent Hunter 5: Battle of the Atlantic

The Settlers 7: Paths to a Kingdom

Tom Clancy's H.A.W.X. 2

Tom Clancy's Ghost Recon: Future Soldier

Tom Clancy's Splinter Cell: Conviction

Your Shape: Fitness Evolved

 

Ubisoft has issued a statement regarding the vulnerability. They say that a patch has been provided and is a forced patch. It's important to update now that the proof of concept has been released. The statement is below for your viewing pleasure:

 

We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

 

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.

NEWS SOURCE
Techreport.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Post a Comment about this news

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below