
Ubisoft patches Uplay DRM security hole uncovered by Google engineer (update)

A Google security engineer has discovered a potential rootkit in Ubisoft’s Uplay DRM software.

Tom Warren is a senior correspondent and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.

Google security engineer Tavis Ormandy has revealed a potential rootkit in Ubisoft’s Uplay digital rights management (DRM) software. Uplay, which is bundled with games such as the Assassin’s Creed series and Tom Clancy’s Ghost Recon titles, is designed as a mechanism to protect Ubisoft’s titles from being pirated. Writing on Seclists, Ormandy says he discovered the unexpected behavior in Uplay after installing a copy of Assassin’s Creed Revelations.

“I don’t know if it’s by design, but I thought I’d mention it here in case someone else wants to look into it,” says Ormandy. It doesn’t appear that the Google security engineer has informed Ubisoft of his findings. Commenters over at Hacker News have published a proof of concept URL that appears to exploit a vulnerability in a browser plugin installed by Uplay — launching a copy of the built-in calculator in Windows. “Ubisoft installs a backdoor that allows any website to take over your computer,” says one commenter. We have reached out to Ubisoft for comment on the issue and we’ll update you accordingly.

Update: Ubisoft has issued a statement, saying the company published a patch which fixes the browser plug-in vulnerability earlier today. The statement recommends that users either update Uplay without a browser window open, or download an updated installer from the Uplay website.

The statement notably doesn’t include a formal apology for opening users’ computers to invasion, but says, “Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”
