Isn't it great when game publishers push overly invasive DRM? Not only does it penalize paying customers while doing little to thwart pirates, but it can also have fun side-effects. For example, as Geek.com reports, someone has discovered that Ubisoft's Uplay software installs a browser plug-in containing a backdoor. That backdoor purportedly allows arbitrary code to be executed on the unsuspecting victim's PC—and all it takes is a maliciously crafted web page.
HackerNews says the following games come with Uplay software and may make users' PCs vulnerable:
Assassin's Creed II
Assassin's Creed: Brotherhood
Assassin's Creed: Project Legacy
Assassin's Creed Revelations
Assassin's Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy's H.A.W.X. 2
Tom Clancy's Ghost Recon: Future Soldier
Tom Clancy's Splinter Cell: Conviction
Your Shape: Fitness Evolved
The folks at Rock, Paper, Shotgun provide instructions for how to track down the plug-in and disable it. The process doesn't look too difficult or painful. Firefox users can do it through the through the plug-ins section of the Add-ons manager. Chrome users can simply enter "about:plugins" into their address bar, and Opera users have to go to the "Advanced" preference tab, into the "Downloads" section, and look for Uplay there.Update 11:40 AM: Well, that was fast. Ubisoft has issued a statement saying a patch plugging the hole is now available. The statement was picked up by Rock, Paper, Shotgun and several other sites, and it reads:
We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.Something tells me a better fix would involve less invasive software, but hey—baby steps.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.