Ubisoft patches dangerous plugin flaw

By
Follow google news

Add-on allows attackers to execute applications on user machines.

Ubisoft has scrambled to fix a vulnerability discovered in its web browser plugin that allowed web sites to execute applications on user machines.

Ubisoft patches dangerous plugin flaw

The flaw was reported on the Full Disclosure mailing list by Google security researcher Travis

Ormandy who stumbled across the flaw while installing the Ubisoft game title Assassin's Creed Revelations.

The vulnerable browser plugin was installed on customer machines as part of a game package and was used to take command line arguments while games were in under development.

But the function allowed the application to run any executable.

Ormanday created a brief proof of concept code that allowed a website to launch the Windows calculator via the vulnerable plugin.

Hours after the Monday post, Ubisoft issued a patch to close the vulnerability, blaming the gaffe on a "coding error".

Ubisoft denied claims by users it had installed rootkits on user machines to preserve its contentious digital rights management.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

Microsoft device telemetry key to unmasking alleged Scattered Spider hacker

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Log In

  |  Forgot your password?