Ubisoft Denies Including A Rootkit In Uplay Service, Blames Security Exploit On A 'Coding Error'

A major security flaw in Ubisoft's Uplay service for launching their PC games was not a product of devious programming nor part of the company's DRM strategy, the publisher of Assassin's Creed and Far Cry 3 said in a statement released this evening.

The flaw had allowed outsiders to breach Uplay users' computers and was rumoured to be the result of a "rootkit": software that lets you access the core directories of a system (the "root") or even someone else's system. In short, really bad malware.

"The issue is not a rootkit," a company rep said in part of an official Ubisoft statement. "The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games."

Ubisoft outlined the issue:

The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they're being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.

The actions they took:

The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plugin so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.

The solution they recommend:

To update your Uplay client and apply the patch:

- Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.). If the web browser is open during the patch it will require restarting the browser.

- Launch the Uplay PC client. The Uplay PC client update will start automatically.

An updated version of the Uplay PC installer is also available to download from Uplay.com.

The company said that their faulty Uplay plug-in was not tied to its DRM policies, which have often been criticised for the extreme requirements they place on Ubisoft's PC gaming customers.
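
The flaw and the fix described in Ubisoft's statement, sketched as an added example that is not Ubisoft's code: the function names, the `exe`, `args` and `game_id` request keys, the `--game` flag and the install path are all hypothetical. It goes slightly beyond the statement by also accepting a strictly validated game identifier.

```python
import re

# Hypothetical install path; the article does not give the real one.
LAUNCHER = r"C:\Program Files\ExampleLauncher\launcher.exe"
# Assumed identifier format: 1 to 6 ASCII digits, nothing else.
GAME_ID = re.compile(r"[0-9]{1,6}")


def build_argv_flawed(request):
    """Pattern the statement describes: a developer-only option lets the
    calling web page name the program to start, so the target is not
    limited to a game."""
    exe = request.get("exe", LAUNCHER)  # caller-controlled target
    return [exe] + list(request.get("args", []))


def build_argv_fixed(request):
    """Behaviour after the fix as described: only the launcher itself is
    ever opened. Unknown keys are rejected rather than silently ignored,
    so a leftover developer option cannot come back by accident."""
    unknown = set(request) - {"game_id"}
    if unknown:
        raise ValueError("unsupported option(s): %s" % sorted(unknown))
    argv = [LAUNCHER]  # fixed target, never taken from the request
    game_id = request.get("game_id")
    if game_id is not None:
        if not isinstance(game_id, str) or not GAME_ID.fullmatch(game_id):
            raise ValueError("game_id must be 1-6 ASCII digits")
        # Separate argv element; no shell string is ever assembled.
        argv += ["--game", game_id]
    return argv


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [{}, {"game_id": "42"}, {"exe": "other.exe"},
               {"game_id": "42 --extra"}]
    for req in samples:
        try:
            print(req, "->", build_argv_fixed(req))
        except ValueError as err:
            print(req, "-> rejected:", err)
```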


Comments

    Given their recent moves to abandon their draconian DRM attempts,
    I'd take this at face value.

    Have to give them credit, that's a very fast bug fix.

    I never got around to buying the missing half of Assassin's Creed,
    the single player story line they took out to sell to us later. It
    made me just a little too jaded to care about anything Ubisoft do.

    Plausible deniability, or ordinary garden-variety incompetence and
    unforeseen consequences? I'm leaning towards the latter, but the
    evil one sounds sexier.

    I call BS. So they are saying they are not responsible for
    purposely including open door access for just "Ubisoft" to any
    computer with uplay but are in fact responsible for much worse in
    that they allowed open door access for "anyone"! Sorry but the
    excuse "It's not my fault" just doesn't cut it. All Ubisoft titles
    are blacklisted from now on.....give my regards to your big brother
    EA on your way out of relevance.

      It's your privacy that's irrelevant, not us. NOW GIVE ME MONEYYYYYYYY

      While I agree that Ubisoft has been a real tyrant with its DRM stuff, I will still be buying their games. Like anything, if you want the donut, you have to buy the hole.

      They have made some incredible titles in the past.

      Boycott if you will, it's certainly your right. But it will only be effective if a HUGE market base does the same thing.
      I would imagine you are going to miss out on a lot of potential great games in the future.
