Ubisoft Denies Existence of Rootkit in UPlay

July 31, 2012 -

Ubisoft calls yesterday's story about a rootkit being found in Uplay false and blames "a coding error" for the security hole. Ubisoft denied the whole "rootkit" angle altogether. After quickly patching the Uplay software yesterday, the company issued a statement saying that a coding error was the cause of the software being able to launch any executable on a remote computer - a fact hackers demonstrated as a proof of concept this week.

"The Uplay application has never included a rootkit," a spokesperson told Kotaku. "The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games."

"The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made," the spokesperson continued. "This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine."

One thing the company did not say in its statement is that it was sorry to consumers who would have been vulnerable to such an exploit, nor did they thank whitehat hackers who uncovered the vulnerability. To its credit, Ubisoft had the security hole plugged in less than eight hours after news of the exploit broke.

Source: Kotaku by way of RPS


Comments

Re: Ubisoft Denies Existence of Rootkit in UPlay

"One thing the company did not say in its statement is that it was sorry to consumers who would have been vulnerable to such an exploit, nor did they thank whitehat hackers who uncovered the vulnerability."

Ubisoft, Apologize?

The same company that used a pirate group's (RELOADED) executable to "Fix" their own broken executable?!

Why I never! The unmitigated gall of such a request...

"To its credit, Ubisoft had the security hole plugged in less than eight hours after news of the exploit broke."

While this is admittedly admirable, it's a security hole that never should've existed in the first place, and wouldn't have existed if they weren't so gung-ho with their ludicrous DRM. GFWL is better than Uplay.

I can't believe I just said that...

----
Papa Midnight

Re: Ubisoft Denies Existence of Rootkit in UPlay

Well GFWL is better than UPlay. The catch is is that such a statement is relative. It can still be downright horrible but still better than UPlay.

Re: Ubisoft Denies Existence of Rootkit in UPlay

Anyone knew they took constant connection out of a couple games and another one completely?


Copyright infringement is nothing more than civil disobedience to a bad set of laws. Let's renegotiate them.

---

http://zippydsm.deviantart.com/

 
Forgot your password?
Username :
Password :

Poll

Will Code Avarice's Paranautical Activity make its way back onto Steam?:
 

Be Heard - Contact Your Politician