Ubisoft quickly patched up an exploit in its Uplay gaming portal yesterday, after it was discovered by a user who stated that it could be exploited as an invasive rootkit. The publisher denied any ulterior reason for the exploit, and today stated that the issue was due to a ”coding error”.
According to an Ubi rep, “The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games.
“The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”
Regardless of Ubisoft’s intentions, hopefully the patch will stop hackers from using the exploit as a rootkit for their own nefarious purposes.