A report spreading online seems to have revealed a damning security flaw in Ubisoft’s Uplay tech.
Revealed by Google’s information security engineer Tavis Ormandy, via seclists, the possible exploit comes in the form of Uplay’s web browser extension. While the extension itself is harmless, there’s more than enough concern already as to the possible code/programs or even installations that could be booted via your very own Uplay browser extension.
The backdoor exploit, according to what were reading, could be theoretically used and implemented into “commonly-used” websites. By accessing said website, the code could activate your Uplay account and boot up the desired installation. This of course could include remote-access programs which would grant access to your PC to external sources.
Here’s a current confirmed list of Ubisoft titles that support Uplay:
- Assassin’s Creed II
- Assassin’s Creed: Brotherhood
- Assassin’s Creed: Project Legacy
- Assassin’s Creed Revelations
- Assassin’s Creed III
- Beowulf: The Game
- Brothers in Arms: Furious 4
- Call of Juarez: The Cartel
- Driver: San Francisco
- Heroes of Might and Magic VI
- Just Dance 3
- Prince of Persia: The Forgotten Sands
- Pure Football
- Shaun White Skateboarding
- Silent Hunter 5: Battle of the Atlantic
- The Settlers 7: Paths to a Kingdom
- Tom Clancy’s H.A.W.X. 2
- Tom Clancy’s Ghost Recon: Future Soldier
- Tom Clancy’s Splinter Cell: Conviction
- Your Shape: Fitness Evolved
Various media outlets online are urging gamers to uninstall the Uplay browser plugin. This can be done via the following:
- Visit about:plugins and disable
- Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
- Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete
While Ubisoft have yet to comment on the matter, we’d urge all PC/Ubisoft title users to do the above, and wait for confirmation/clarification.