The plugin granted its discoverer "unexpectedly (at least to me) wide access" to websites. It's a rather embarrassing hiccup if true.
Naturally this oversight has upset a lot of PC users who have long railed against Ubisoft's PC DRM software suite.
UPDATE: Trend Micro's Rik Ferguson, director of the security research firm, has said it's "not a malicious root, just really bad code." It's "a huge risk" .
"This certainly looks like an easily exploitable software flaw, but I'm not sure I would go as far as calling it a rootkit," commented director Ferguson. Ubisoft's Uplay is a mandatory install for any of their PC titles meaning everyone is put at risk. The real problem is that the exploit has now gone public.
"The reports state the exploitable code is in the form of a browser plugin, the plugin does not attempt to hide its presence on your system and can be relatively simply disabled. It's not a malicious root, just really bad code," he continued.
Ubisoft must fix this 'backdoor' immediately urged Fergusson. "Pushing out such easily exploitable code, to such an easily targeted platform as a web browser through such a huge gaming population presents a huge risk and will of course be of interest to online criminals," he gravely warned, speaking with .
"Ubisoft should be patching this code as a matter of urgency and in the meantime, gamers should be disabling the plug-in."
Original story follows
Essentially the plugin exposes users to action (potentially) by third-parties without any confirmation or consent being needed. A simple trip into your browser's security settings though can easily disable the offending plug-in. The exploit revolves around ActiveX controls.
The reason people seem to label this a rootkit is because there's no mention of a plug-in to be installed. By definition a rootkit is a "stealthy type of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer."
The troublesome code:
x = document.createElement('OBJECT'); x.type = "application/x-uplaypc"; document.body.appendChild(x); x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
x.type = "application/x-uplaypc";
x.open("-orbit_product_id 1 -orbit_exe_path
QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode
Of course Ubisoft's Uplay hasn't done this with malicious intent, as some would accuse, but this type of coding slip up would certainly incriminate software released by an independent programmer. A degree of hysteria surrounds the exploit leading to accusations that it makes a PC highly vulnerable.
Simply disable the browser plugin if you're concerned. Here's the.
We've contacted Ubisoft for comment.
Ubisoft's Uplay blasted as 'rootkit', installs 'unsecure' browser plug-in [UPDATE]
30 July 2012 | By Simon Priest