Updated – Ubisoft’s Uplay Poses Security Risk

Updated – Ubisoft’s Uplay Poses Security Risk

Update – Ubisoft have released a patch for Uplay which closes the exploit. More details on RPS.

There appears to be a pretty large security risk located in Ubisoft’s Uplay game launcher/DRM manager which, as detailed here installs a backdoor onto your computer which can be used by those with bad intentions to install programs onto your machine remotely. Alec Meer on Rock, Paper, Shotgun has been doing some digging and has talked to a security expert about the matter.

The expert Alec spoke to said this:

“you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

The problem lies within a plugin that Uplay installs onto your web browser, (instructions for removal can be found here.) something which has only come around with the 2.x update to Uplay. There is a link to see whether you are affected by this exploit here, if you are affected then Uplay and calculator should launch. I have run the test with Uplay 1.x installed and I didn’t receive any problems, but after updating the application when launching one of the following games which are impacted by this, the test link showed the vulnerability.

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

It would be wise to err on the side of caution and uninstall Uplay entirely and ensure your web browsers are clear of any extensions or plugins which are linked to Uplay. More on this as events develop.

One thought on “Updated – Ubisoft’s Uplay Poses Security Risk

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.