Ubisoft has managed to patch a glaring hole in their Uplay client after a casual white hat programmer pointed out that an incorrectly coded browser plugin could be used to launch .exe files on remote systems.
Programmer Tavis Ormandy discovered the exploit while booting up Assassin's Creed: Revelations, and posted about it on Seclists.org.
"While on vacation recently I bought a video game called 'Assassin's Creed Revelations'. I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites," he explained.
"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it (I'm not really interested in video game security, I air-gap the machine I use to play games)."
The implications are fairly serious: by creating a website based on this code, Ormandy demonstrated that a browser could remotely open programs and run .exe files from the hard drive. Taking this concept to the logical extreme, nefarious types could use this premise to wipe files or install malware, viruses or trojans. Thankfully, by making his discovery of the vulnerability public, Ormandy has hopefully allowed the hole to be plugged without anyone managing to take advantage.
Ubisoft confirms that Uplay patch 2.0.4 'addresses the browser plug-in,' and we'd recommend updating as soon as possible. They blame the vulnerability on a "coding error." [via Kotaku]
Seriously now, Ubisoft, have you considered quitting the DRM game while you're behind? After outages, botched online pass print runs, idiotic activations, mass confusion, public outcry and utter futility, I think we can all agree that you're just not very good at it.