Uplay as vessel for malicious software

I usually like titles with a pun or something on those lines, attempting to find a funny side even in a disaster. Not this time. Not when the threat is so dangerous and imminent.

According to this article there’s a huge hole in Uplay’s browsers plugin which lets anybody run potentially anything on the victim’s computer.

I haven’t tested it personally having never installed Ubisoft’s Uplay and never planned to do so, but my second hand informations tell me it’s scary how easy and smooth is to manipulate Uplay customers through this exploit.

Not that I needed some more proof that any DRM system is the Bane (I haven’t watched latest Batman yet, I just liked the pop culture reference) of legit customers, but do you now?

 

Below here is the list of the game which are most vulnerable to this and which you should immediately uninstall before this exploit really goes out of hand.

 

Assassin's Creed II 
Assassin's Creed: Brotherhood 
Assassin's Creed: Project Legacy 
Assassin's Creed Revelations 
Assassin's Creed III 
Beowulf: The Game 
Brothers in Arms: Furious 4 
Call of Juarez: The Cartel 
Driver: San Francisco 
Heroes of Might and Magic VI 
Just Dance 3 
Prince of Persia: The Forgotten Sands 
Pure Football 
R.U.S.E. 
Shaun White Skateboarding 
Silent Hunter 5: Battle of the Atlantic 
The Settlers 7: Paths to a Kingdom 
Tom Clancy's H.A.W.X. 2 
Tom Clancy's Ghost Recon: Future Soldier 
Tom Clancy's Splinter Cell: Conviction 
Your Shape: Fitness Evolved 
No votes yet.

This Post Has 6 Comments

  1. H4ndy

    Close all browser and start UPlay, an update was release shortly after this news to adress this issue.

    No votes yet.
  2. SilentBugler

    It’s not the games that are vulnerable or the uplay DRM itself, it’s UBI’s stupid browser plugins which uplay installs without asking you. Good old UBI essentially installs a trojan horse in your browser of choice. But they’ve supposedly patched it out already…

    Good thing I’m using 64x Firefox (along with ABP&NS, OF COURSE!) and UBI is too cheap to put out a x64 version of anything, my 86x Opera’s safe cause all plugins along with JS are disabled by default, and Explorer, amazingly enough, warns you about a suspicious action and asks you if you want to block it (I tried the test exploit). There’s also a HIPS-enabled firewall/antivirus, but as all my exploit tests were cut off on browser level that never came into play. *Smug!* *Smug!*

    See you next DRM exploit and remember:
    Inflicting violence upon UBI executives is not a crime in the eyes of God.

    No votes yet.
  3. mik0

    control panel -> installed program -> uninstall Ubisoft games…

    No votes yet.
  4. 0cube

    Firefox: Go to Extras -> addons -> plugins and disable the 2 Uplay things…

    No votes yet.
  5. ryuga81

    wait, what?

    what the hell is Uplay’s browser plugin? i don’t remember ever installing something like that…

    No votes yet.
  6. stranded

    Good thing I don’t have Ubisoft games.

    No votes yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.