Update Origin Now

Got Origin installed? Then you’d better update it immediately.

EA has rolled out an update to the PC version of Origin (Mac isn’t affected) after a TechCrunch report found an enormous security flaw that allowed the remote execution of code, and applications, through the Origin app.

Underdog Security’s Dominik Penner and Daley Bee discovered that the method which Origin uses to open URLs could be hijacked to open any app on a PC, with the same level of privileges as the user.

“We were simply curious and looking around at the origin2 URI handler, when we came across a parameter where we could supply data that would be echoed back to us in the Origin client, prompting us to start tinkering,” the researchers explained.

After checking up on some sandbox exploits for AngularJS, the Javascript framework that Origin’s PC client is built off, the researchers were then able to remotely open an app, in this case Calculator:

“An attacker could also steal a users access token many of ways,” they warned. Taking a user’s access token would give malicious actors access to an account, without having to type in a password.

TechCrunch reports that the exploit was patched by EA earlier on Tuesday. Kotaku Australia has contacted EA’s local representatives for comment, asking when they were altered to the security flaw and what steps are being taken to shore up other vulnerabilities in the future.


The Cheapest NBN 1000 Plans

Looking to bump up your internet connection and save a few bucks? Here are the cheapest plans available.

At Kotaku, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


5 responses to “Update Origin Now”

Leave a Reply

Your email address will not be published. Required fields are marked *