Home / Software & Gaming / Ubisoft uPlay has big vulnerability

Ubisoft uPlay has big vulnerability

Ubisoft's online service, uPlay, has had a real vulnerability exposed, that can be used to view customer files and information.

While it was initially thought that this was a deliberate backdoor hidden by programmers of the service, it seems more likely now that it is an unintentional vulnerability. IT “experts” speaking with CVG, said that: “Functionality in the uPlay browser extension, that normally enables games to be launched from a web browser, turns out can also be used to launch any other program on the system.”

“In the demonstration making its rounds on the internet, the code launched a calculator.”

uPlay
uPlay, how about uFix this Ubisoft?

While this might not have been a big problem if uPlay was voluntary, the fact that it was designed as a DRM system to protect the company's games and is therefore mandatory, makes it a real issue. Gamers are being forced to install software that is inherantly insecure and potentially provides hackers with a loophole.

“I noticed the uPlay installation procedure creates a browser plugin for its accompanying uPlay launcher, which grants unexpectedly (at least to me) wide access to websites,” said one hacker on the Ycominator forum, when discussing the vulnerability.

KitGuru Says: Ubisoft will need to jump on this in some official manner if it doesn't want to risk alienating consumers and its player base.

Become a Patron!

Check Also

Death Note: Killer Within launches free for PS+ subscribers

The free games available to PS Plus subscribers in November 2024 have been announced. Death Note: Killer Within is a day-one release.