A post by a Google security engineer points to a security flaw in Ubisoft’s PC DRM which could allow malicious sites to exploit users’ systems. It’s the latest in Ubisoft’s long-running headaches with DRM.
More information after the jump.
Over the weekend, Google security engineer Travis Ormandy posted his recent discovery that Ubisoft’s Uplay DRM might allow malicious sites access to PC users’ machines, based on his own time with Assassin’s Creed: Revelations. The exploit relates to a browser-based plugin which could potentially allow Internet ne’er-do-wells the ability to install data-heisting trojans and the like from users’ machines.
As of this morning, Ubisoft has potentially fixed the exploit with the 2.04 patch which, according to its changelog provides a “Fix addressing browser plug-in. Plug-in now only able to open UPlay application.” Digital Foundry has tested the vulnerability after the patch and found the issue has been resolved. Users still concerned about the vulnerability of Uplay can also disable the Uplay plugin in their browser.
So if Ubisoft has fixed the issue, what’s the story here? In the past, Ubisoft has had, let’s say “rocky” deployments of their DRM schemes, from their use of the often buggy StarForce platform back in ’05 (which ultimately landed them in court) to their most recent always on Online Services Platform.
[Source: Game Industry International]
Follow @MTVMultiplayer on Twitter and be sure to “like” us on Facebook for the best geek news about comics, toys, gaming and more! And don’t forget to follow our video gaming and TV writer @TheCharlesWebb.