EA has caught a lot of flak for making some games exclusive to its Origin distribution service. Now, it appears that service may have a serious security vulnerability. Presenters at the Black Hat security conference demonstrated an attack that allows a carefully crafted Internet link to execute malicious code on a user's system. Origin has to be installed on the host machine, and users are only exposed if they click the tainted link. A second, confirmation click may also be required depending on whether the user's system is configured to open origin:// links automatically.
Ars Technica says the exploit "works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine." The Windows and OS X clients are both affected, and the user's choice of Internet browser doesn't seem to matter. Requiring confirmation before opening Origin links appears to be the only way to keep your system safe at the moment.
I don't want to make excuses for EA, especially given its handling of the disastrous SimCity launch, but Origin isn't the first service to suffer such a security hole. In October, a similar flaw was exposed in Valve's Steam client. That flaw was patched quickly, according to ValveTime, and we haven't heard a peep about it since. This past summer, a security flaw was also discovered in Ubisoft's Uplay software. The software installed a browser plug-in containing a backdoor that allowed remote code execution. Ubisoft patched that vulnerability within a day.
EA hasn't released a fix for Origin just yet, but a company representative told Ars Technica, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure." Let's hope the vulnerability is resolved soon.