Ubisoft Games Include a Rootkit Anyone Can Exploit! Here's How to Disable It
If you use Ubisoft's uPlay browser extension, you should probably get rid of it right now. An Information Security Engineer at Google discovered that the plugin has a hole in it that allows programs to be installed through uPlay, essentially letting anyone who feels so inclined take over your computer.
All an attacker would need to do is instantiate the plugin and replace the Base64-encoded executable path (highlighted in the code below) with a path to whatever application they want to run on your computer:
Essentially, once decoded, the highlighted path is not verified by the plugin, so if someone wanted to do evil things to your computer, they could replace it with a path to a command prompt, download link, or practically anything else. Without you even knowing it, you could have a trojan, virus, or if someone was particularly nasty, a wiped hard drive.
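The missing step described above is a check of the decoded path before anything is launched. The sketch below is an added example, not Ubisoft's code or anything from the original report, and the install directory and executable name in it are assumed placeholders. It decodes the argument strictly, normalizes it, and accepts it only if it names an allowlisted executable directly inside the launcher's own folder:

```python
import base64
import binascii
import ntpath  # Windows path rules, usable on any OS

# Assumed placeholders: the real install directory and launcher file name
# are not given on the page.
ALLOWED_DIR = r"C:\Program Files\ExampleLauncher"
ALLOWED_EXES = {"launcher.exe"}


def encode(path: str) -> str:
    """Build a constructed sample argument the way a web page would send it."""
    return base64.b64encode(path.encode("utf-8")).decode("ascii")


def decode_path(encoded: str) -> str:
    """Strictly decode the Base64 argument; reject anything malformed."""
    try:
        return base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("argument is not valid Base64 text") from exc


def is_allowed(encoded: str) -> bool:
    """True only for an allowlisted executable inside ALLOWED_DIR."""
    try:
        path = decode_path(encoded)
    except ValueError:
        return False
    if "\x00" in path:
        return False
    # Collapse "..", "." and mixed separators before comparing, so a
    # traversal sequence cannot escape the install directory.
    directory, name = ntpath.split(ntpath.normpath(path))
    same_dir = ntpath.normcase(directory) == ntpath.normcase(ALLOWED_DIR)
    return same_dir and name.lower() in ALLOWED_EXES


if __name__ == "__main__":
    samples = [  # constructed inputs
        r"C:\Program Files\ExampleLauncher\launcher.exe",
        r"C:\Windows\System32\cmd.exe",
        r"C:\Program Files\ExampleLauncher\..\..\Windows\System32\cmd.exe",
    ]
    for s in samples:
        print(is_allowed(encode(s)), s)
```

A stricter design would not accept an executable path from web content at all and would launch a fixed, installed binary instead.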
The only real way to be 100% safe is to disable or uninstall the plugin. It's a simple fix, though the steps are different for each browser.
If you have multiple browsers installed, be sure to disable the plugin for each of your browsers:
- Click Tools (the gear icon)
- Manage Add-Ons
- Show -> All Add-Ons
- Select the Uplay Add-On and click Disable
- Click the "Firefox" menu in the upper left
- Click Add-ons
- Select the Plugins tab
- Click Disable next to the Uplay and Uplay PC Hub plugins
- In the address bar, type "about:plugins" and hit enter
- Click the Disable link under the Uplay plugin
- Click Settings
- Search for "Uplay"
- Click delete
Below is a list of games that are known to be a threat. If you've installed any of them or have the plugin enabled, you're probably at risk. Just disable the plugin according to the instructions above and you'll be fine.
- Assassin's Creed II
- Assassin's Creed: Brotherhood
- Assassin's Creed: Project Legacy
- Assassin's Creed Revelations
- Assassin's Creed III
- Beowulf: The Game
- Brothers in Arms: Furious 4
- Call of Juarez: The Cartel
- Driver: San Francisco
- Heroes of Might and Magic VI
- Just Dance 3
- Prince of Persia: The Forgotten Sands
- Pure Football
- Shaun White Skateboarding
- Silent Hunter 5: Battle of the Atlantic
- The Settlers 7: Paths to a Kingdom
- Tom Clancy's H.A.W.X. 2
- Tom Clancy's Ghost Recon: Future Soldier
- Tom Clancy's Splinter Cell: Conviction
- Your Shape: Fitness Evolved
It seems that Ubisoft has acted quickly with their 2.0.4 patch for the issue. It has been tested and is reported to squash all security risk, but if you're still squeamish, it's probably best just to disable it altogether.