Ubisoft Uplay installs exploitable, rootkit-like plug-in on user PCs

esa making big announcement about e3 2013 soon ubisoft uplay exploit

Uplay isn’t the most beloved online service in the world. Ubisoft’s network does offer things that people enjoy—achievements, easy access to friends playing the same Ubisoft games—but Uplay is first and foremost a complex form of digital rights management (DRM). Ubisoft games on PC like Tom Clancy’s Ghost Recon: Future Soldier and the upcoming Assassin’s Creed III require a connection to Uplay so as to verify their authenticity.

On Monday, Uplay got Ubisoft into no small amount of trouble. Google security engineer Tavis Ormandy found that Uplay installs a browser plug-in on users’ PCs that can be exploited by malicious individuals to launch other applications on your machine. That is to say, if you have the Uplay plug-in installed, a less savory website or business could exploit it to launch apps like Microsoft Outlook that contain sensitive information. The plug-in was thought to be a rootkit, the kind of sneaky unwanted software typically used by spammers.

Ubisoft released a statement saying that the plug-in is not in fact a rootkit. Its exploitable nature was the result of a coding error. While Ubisoft was quick to point out that not technically associated with Uplay’s DRM processes—the plug-in was intended only to launch the Uplay client from a browser—Uplay’s nature as a DRM-centric service and software set automatically ties the plug-in to the company’s aggressive anti-piracy measures.

“The browser plug-in that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made,” reads the statement, “This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”

The company has issued a patch for Uplay that fixes the problem.

This is the second major privacy violation issue to trouble Ubisoft this summer. At the end of June, an alternate reality game promoting the E3 2012 hit Watch Dogs accidentally leaked 500 customer emails to every player in on Ubisoft’s promotional email list. The company responded by removing affected customers from its marketing database.

Ubisoft’s blunders this summer demonstrate two things. One: When you trust monolithic corporations with personal information or agree to use their products when connected to the Internet, you are not guaranteed that that information is secure. No matter what. Two: Ubisoft really needs to get its act together.

Apple

iPhone users are finding themselves randomly locked out of their Apple ID

According to posts on Reddit and Twitter, it looks like users on Reddit and Twitter having some issues with their Apple accounts. Specifically, it seems as though users are getting randomly locked out of their Apple IDs.
Music

How to convert and play FLAC music files on your iPhone or iPad

The high-resolution revolution is upon us, and FLAC files are a popular way to store hi-res sound. But what if you’re an iOS user? Check out our article to find out more about FLAC files, and how to use them on Apple devices.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Web

Data stolen from HealthCare.gov includes partial SSNs and immigration status

Around 75,000 users have had their user data stolen from government site healthcare.gov, including information on their immigration status, whether they were pregnant, and partial social security numbers.
Gaming

The Army wants YOU … to play esports with soldiers

The U.S. Army is creating esports teams for games such as Overwatch, Fortnite, PlayerUnknown's Battlegrounds, and League of Legends. The initiative looks to boost recruitment, after missing the mark for the first time since 2005.
Computing

If the speed of AMD’s Radeon RX 590 doesn’t entice you, the game bundle will

AMD's Radeon RX 590 is a new video card that targets 1080p gaming at maximum detail. Starting at $280, it fills a gap between the Radeon RX 580 and the more expensive Radeon RX Vega. AMD says the new RX 590 can beat Nvidia's GTX 1060 Ti.
Gaming

PlayStation 4 celebrates fifth anniversary with ‘Call of Duty: Black Ops 4’ bundle

The PlayStation 4 is officially five years old today, November 15, and to celebrate the anniversary, Sony is offering a new console bundle that includes a free copy of Call of Duty: Black Ops 4.
Gaming

These are the best Xbox One games available right now

More than four years into its life span, Microsoft's latest console is finally coming into its own. From 'Cuphead' to 'Halo 5,' the best Xbox One games offer something for everyone.
Gaming

‘Hitman 2’ makes a target of the unkillable Sean Bean, but you’d better not miss

Famously mortal actor Sean Bean will be available to kill in Hitman 2 beginning November 20. He'll be in the game as an Elusive Target for two weeks and you'll only get one chance to take him out.
Gaming

Bug is turning ‘Fallout 76’ players into mutants even more terrifying than usual

A bug linked to the Power Armor gear in Fallout 76 appears to be turning players into bizarre naked mutants, complete with extremely long limbs that are more than a little unsettling.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Gaming

Tips for surviving the nuclear wasteland in 'Fallout 76'

Before running into nuclear wasteland with your Pip-Boy, take a moment to consider these Fallout 76 tips. From food and water to maintaining weapons and armor, here are the things all beginners should know.
Gaming

Find a fish and get your boogie on with Fortnite's week 8 challenge

The Fortnite season 6 week 8 challenges have arrived as we near the end of this spooky season. The big free challenge this week is the Fortnite fish trophy challenge where you need to dance with different fishes. Here are all of the…
Gaming

For the first time ever, PlayStation will be a no-show at E3

For the first time in the event's history, E3 2019 will not feature Sony or PlayStation. The massive event almost always features a lengthy press conference from Sony, often after all other major companies give theirs.