Browser plugin allows nearly any program to be executed.
By Tim Colwill on July 31, 2012 at 12:02 pm
Ubisoft’s Uplay doesn’t exactly have a good rep with PC gamers already due to its tendency to go down at key times and leave gamers unable to play their games – but it’s about to get even worse. Late last night it was revealed that Ubisoft’s Uplay software came unwittingly packaged with a gaping backdoor: a browser plugin that Uplay installs into your computer during setup.
This browser plugin could theoretically be used to execute nearly any program through Uplay – indeed, adventurous users on the Ubisoft forums themselves quickly discovered they could quickly write scripts that used Uplay to launch Windows Calculator and other programs – and as such we’re being warned to update our Uplay software immediately.
Ubisoft jumped on the news quickly and have issued the following statement: “We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.” Many users are uninstalling completely until the problem can be verified as fixed, which might be a reasonable precaution.
Source: Rock, Paper, Shotgun