Ubisoft fixes UPlay DRM security exploit
Following reports that DRM may allow hackers to get into your PC, Ubisoft issues a quick patch
Posted by Alex 'SpectralShock' V on Jul 30, 2012 - 12:57pm EST (298 days ago)
Ubisoft's DRM system has been accused of allowing unprecedented access to users' PCs by potentially malicious websites.
A post on SecList's full disclosure site by Google security engineer Tavis Ormandy claims that the vulnerability opens a backdoor for websites access the machines of any customer who has installed many of the publisher's most popular products on PC, including Assassin's Creed titles and the latest Ghost Recon game.
Supplying a piece of code which is said to prove his theory, Ormandy invited others to test his theory a challenge which has been picked up elsewhere and confirmed.
Taking swift action, EuroGamer reports that Ubisoft has rolled out a 2.0.4 patch which appears to kill the vulnerability found in UPlay. The changelog for the patch says it fixes the browser plug-in. Plug-in is now only able to open UPlay application.
UPlay is part of Ubisoft's heavily criticized DRM system which aims to prevent illegal use and distribution of its PC titles.