Report: Ubisoft's UPlay service may have browser exploit on PC [update: Ubisoft responds]
Between delays and draconian DRM, Ubisoft doesn't exactly have the best track record when it comes to the PC versions of its products. We might have to add browser exploits to that list, if a post on Seclists.org is to be believed. According to a poster by the name of Tavis Ormandy, Ubisoft's UPlay browser plugin, designed to let users launch a game from the web, contains an exploit – namely one that allows "wide access to websites."
Ormandy discovered the flaw in the PC version of Assassin's Creed Revelations, though it's reasonable to assume it would appear in all of Ubisoft's UPlay enabled PC titles.
The upshot of this, according to TechDirt, is that the exploit could allow any website – i.e. "bad websites" – access to your computer. Both Joystiq and Engadget have contacted Ubisoft to confirm the flaw. In the meantime, you may want to disable the UPlay browser plugin.
Update: Ubisoft has made a statement on the issue, reports RPS. The company has acknowledged the flaw and has made a "forced patch" to resolve the issue. The company recommends that "all Uplay users update their Uplay PC application without a Web browser open," which will "allow the plug-in to update correctly." The UPlay PC installer has also been updated to include the patch, and is available via the UPlay website.
