Ubisoft recently patched a vulnerability in its Uplay digital rights management software.
“The discovery was made by Tavis Ormandy, [an] information security engineer at Google, when he installed ‘Assassin’s Creed: Revelations’ on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it,” writes Geek.com’s Matthew Humphries. “The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user’s consent.”
“Ubisoft titles affected by this include ‘Assassin’s Creed II,’ ‘Assassin’s Creed: Revelations,’ ‘Silent Hunter 5: Battle of the Atlantic,’ and ‘Tom Clancy’s Splinter Cell: Conviction,'” writes Forbes’ Adrian Kingsley-Hughes.
“The company said that it got the news of the flaw early on Monday morning and had a patch out within 90 minutes, giving a few people a very sudden start to the working week,” writes The Register’s Iain Thomson.
“The fix was issued via a patch that can be downloaded from the Uplay website or via the Uplay application itself,” writes TG Daily’s Shane McGlaun. “‘We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention,’ a spokesperson said. ‘We recommend that all Uplay users update their Uplay PC application without a web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.'”
“Ubisoft denied reports that Uplay contained a rootkit — a piece of software created to stealthily allow access to a computer,” writes ZDNet’s Tom Espiner. “‘The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilises which suffered from a coding error that allowed systems usually used by Ubisoft PC game developers to make their games,’ said the company.”