News Section Logo NEWS - Return to news section


Ubisoft DRM Contains Rootkit, Update Available To Fix Vulnerability

Posted by: , 12:07 AEST, Wed August 1, 2012

Permanent Link     Add Comments
submit to reddit
Another week, another Ubisoft DRM controversy, as browser plug-in included with DRM acts as rootkit to allow hackers to run any program on your PC
News story feature image

Ubisoft's controversial DRM and online platform, Uplay, became even more controversial this week as a Google engineer revealed a huge flaw that allows hackers to gain full control of user's computers via a misbehaving browser plugin.

The Uplay platforms performs anti-piracy authentication, including "always-on" online authentication, as well as providing additional features such as achievements, additional game content.

Tavis Ormandy, a Google information security engineer, discovered the flaw while trying to download and install Ubisoft's Assassin's Creed: Revelations game, which is one of 21 titles to feature the Uplay platform. The flaw allowed users with malicious intent to use the included Uplay browser plug-in to run any program on the user's computer, which then makes it trivial to control that user's entire computer - these kind of malicious software are traditionally called "rootkits". As the plug-in is included with Uplay by default, this means hundreds of thousands of PCs have been put at risk due to this flaw.

Ubisoft was quick to respond to the issue, by releasing a patch (version 2.0.4) right away that fixes the flaw: the browser plug-in can now only launch Uplay apps. Users are urged to update their Uplay installation right away, but by doing so without having any browsers open to allow the browser update to occur. Ubisoft issued a statement saying they will "continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues".

The most high profile case of DRM acting as a rootkit was the infamous Sony rootkit scandal, which forced the company to recall music CDs that had included the DRM, as well as offer financial settlements to the hundreds of thousands that were potentially affected.


Related News:

News Icon Ubi DRM Strikes Again: Games Will Be Unplayable Due To DRM Server Switch

posted by: Sean F, 14:38 AEDT, Sat February 4, 2012

News Icon Ubisoft Moving Away From PC Games Due To Piracy, Others Disagree

posted by: Andrew K, 21:06 AEDT, Fri November 25, 2011

News Icon Steam Gets Hacked: 35 Million Accounts Exposed, Including Credit Card Numbers

posted by: Sean F, 14:57 AEDT, Fri November 11, 2011

News Icon Anonymous Insider Reveals Game Publishing Secrets, Talks DRM

posted by: Sean F, 17:18 AEST, Thu July 19, 2012

News Icon Hardware Upgrades Not Welcomed By Ubisoft DRM, Ubi Says It's Normal

posted by: Andrew K, 20:43 AEDT, Tue January 24, 2012