HomeGamesUpdatesPricingMethodology
Steam News30 July 201213y ago

Uplay security risk spotted, Ubisoft “looking into” the issue now

There's troubling news on RPS regarding a potential security risk associated with Ubisoft's Uplay plugin software that could allow hackers to remotely install programs onto your PC.

Full notes

Full R.U.S.E.™ update

Read the full published notes in a cleaner layout. The original post stays linked below.

What changed

0 fixes1 addition3 changes0 removals
  • Security
  • Gameplay
addedThere's troubling news on RPS regarding a potential security risk associated with Ubisoft's Uplay plugin software that could allow hackers to remotely install programs onto your PC. The problem seems to centre around the Uplay browser plugin, which is easily disabled. In Chrome, search for about:plugins and disable Uplay. In Firefox, head to tools - add ons - plugins and then disable Uplay and the UPlay PC Hub. To be safe, you might want to consider deleting Uplay and related programs from your PC.
changedUpdate: Ubisoft have sent over a statement saying that they've patched the problem out. Here it is:
changed“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
changedUbisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

There's troubling news on RPS regarding a potential security risk associated with Ubisoft's Uplay plugin software that could allow hackers to remotely install programs onto your PC. The problem seems to centre around the Uplay browser plugin, which is easily disabled. In Chrome, search for about:plugins and disable Uplay. In Firefox, head to tools - add ons - plugins and then disable Uplay and the UPlay PC Hub. To be safe, you might want to consider deleting Uplay and related programs from your PC.

The problem is detailed on Hacker News, which exposes a backdoor thread that allows a website to install and run programs remotely. We've contacted Ubisoft for comment and they're "looking into" the problem. We'll update with any further statements. Meanwhile, here's a list of Uplay associated games that you might want to steer clear of until we know exactly how serious the problem is.

Update

Ubisoft have sent over a statement saying that they've patched the problem out.

Here it is

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

Assassin's Creed II

Assassin's Creed: Brotherhood

Assassin's Creed: Project Legacy

Assassin's Creed Revelations

Beowulf: The Game

Brothers in Arms: Furious 4

Call of Juarez: The Cartel

Driver: San Francisco

Heroes of Might and Magic VI

Just Dance 3

Prince of Persia: The Forgotten Sands

Pure Football

R.U.S.E.

Shaun White Skateboarding

Silent Hunter 5: Battle of the Atlantic

The Settlers 7: Paths to a Kingdom

Tom Clancy's H.A.W.X. 2

Tom Clancy's Ghost Recon: Future Soldier

Tom Clancy's Splinter Cell: Conviction

Your Shape: Fitness Evolved

Source

Steam News / 30 July 2012

Open original post

Changelog.gg summarizes and formats this update. How we read updates.