Suffice to say that browser-based scripts should not be able to run any kind of executable code outside of the browser, but that's exactly what happens. We tested it by accessing the link after installing Assassin's Creed 2, and updating UPlay to the latest version. Accessing a specific website set-up with his code sees UPlay booted, and the standard Windows calculator program then runs completely independently of user input. Ormandy also supplied a proof of concept demonstrating the security hole. "I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it (I'm not really interested in video game security, I air-gap the machine I use to play games)." However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites," Ormandy notes. I didn't have much of a chance to play it, but it seems fun so far. "While on vacation recently I bought a video game called 'Assassin's Creed Revelations'. The vulnerability affects anyone with key Ubisoft games installed, including several Assassin's Creed releases (AC2 to Revelations), HAWX 2, Splinter Cell: Conviction and Ghost Recon: Future Soldier. Ubisoft's UPlay client appears to host a serious security vulnerability that could allow malicious websites to take control of your PC, according to programmer Tavis Ormandy, posting on the SecLists.Org's "full disclosure" mailing list. If you own any game with UPlay support, we recommend running the client and allowing it to update in order to close the loophole. We have tested the new update and confirm that the issue appears to have been resolved. Plug-in now only able to open UPlay application". The changelog for the patch says: "Fix addressing browser plug-in. Ubisoft has rolled out a 2.0.4 patch which appears to kill the vulnerability found in UPlay.
0 kommentar(er)
