Ubisoft Games Include a Rootkit Anyone Can Exploit! Here's How to Disable It

Jul 30, 2012 08:39 PM
Jul 30, 2012 08:45 PM

If you use Ubisoft's uPlay browser extension, you should probably get rid of it right now. An Information Security Engineer at Google discovered that the plugin has a hole in it that allows programs to be installed through uPlay, essentially letting anyone who feels so inclined take over your computer.

How the Exploit Works

You don't have to be running a game; it only has to be installed on your computer, because it installs a plugin in all of your web browsers that looks for the application/x-uplaypc MIME type. Ubisoft's seemingly innocent goal, a button on their websites that launches their games from your browser, can easily be exploited by anyone with a website and a little JavaScript knowledge.

All an attacker would need to do is instantiate the plugin and replace the Base64-encoded executable path (highlighted in the code below) with a path to whatever application they want to run on your computer:

[Image: code screenshot with the encoded executable path highlighted]

Essentially, once decoded, the highlighted path is not verified by the plugin, so if someone wanted to do evil things to your computer, they could replace it with a path to a command prompt, download link, or practically anything else. Without you even knowing it, you could end up with a trojan, a virus, or, if someone was particularly nasty, a wiped hard drive.
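
The check that is missing, sketched as an added example (this is not Ubisoft's code and not the fix shipped in 2.0.4): decode the page-supplied path, normalize it, and refuse to launch anything outside an allowlisted install location. The install root, executable names and function names are hypothetical.

```python
import base64
import binascii
import ntpath  # Windows path rules, usable on any OS

# Hypothetical install root and executable allowlist (assumptions for this example).
ALLOWED_ROOT = r"C:\Program Files (x86)\ExampleVendor\Games"
ALLOWED_EXES = {"game.exe", "launcher.exe"}


class LaunchRejected(ValueError):
    """Raised when a page-supplied path must not be executed."""


def validate_launch_path(encoded: str) -> str:
    """Decode a page-supplied Base64 path; return it normalized only if it is safe."""
    try:
        path = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise LaunchRejected("not valid Base64/UTF-8") from exc
    if "\x00" in path:
        raise LaunchRejected("embedded NUL byte")
    # Reject UNC and device paths (\\server\share, \\?\...) and relative paths.
    if path.startswith(("\\\\", "//")) or not ntpath.isabs(path):
        raise LaunchRejected("not an absolute local path")
    # Collapse ".." segments and case before comparing, so traversal cannot escape.
    norm = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(ALLOWED_ROOT))
    try:
        inside = ntpath.commonpath([norm, root]) == root
    except ValueError:  # different drive letters
        inside = False
    if not inside:
        raise LaunchRejected("outside the game install root")
    # Exact-name allowlist also rejects trailing dots and "name.exe:stream" forms.
    if ntpath.basename(norm) not in ALLOWED_EXES:
        raise LaunchRejected("executable not on the allowlist")
    return norm


def encode(path: str) -> str:
    """Build constructed sample input the way a web page would supply it."""
    return base64.b64encode(path.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    samples = [ALLOWED_ROOT + r"\Title\game.exe", r"C:\Windows\System32\cmd.exe",
               ALLOWED_ROOT + r"\..\..\..\Windows\System32\cmd.exe"]
    for sample in samples:
        try:
            print("ALLOW", validate_launch_path(encode(sample)))
        except LaunchRejected as why:
            print("DENY ", sample, "->", why)
```

This example normalizes strings only; a real implementation would also resolve junctions and symlinks on disk before comparing against the install root.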

How to Protect Yourself

The only real way to be 100% safe is to disable or uninstall the plugin. It's a simple fix, though the steps are different for each browser.

If you have multiple browsers installed, be sure to disable the plugin for each of your browsers:

In IE9

  1. Click Tools (the gear icon)
  2. Manage Add-Ons
  3. Show -> All Add-Ons
  4. Select the Uplay Add-On and click Disable

In Firefox

  1. Click the "Firefox" menu in the upper left
  2. Click Add-ons
  3. Select the Plugins tab
  4. Click Disable next to the Uplay and Uplay PC Hub plugins

In Chrome

  1. In the address bar, type "about:plugins" and hit enter
  2. Click the Disable link under the Uplay plugin

In Opera

  1. Click Settings
  2. Preferences
  3. Advanced
  4. Downloads
  5. Search for "Uplay"
  6. Click delete

Is Your Computer Compromised?

Below is a list of games that are known to be a threat. If you've installed any of them or have the plugin enabled, you're probably at risk. Just disable the plugin according to the instructions above and you'll be fine.

  • Assassin's Creed II
  • Assassin's Creed: Brotherhood
  • Assassin's Creed: Project Legacy
  • Assassin's Creed Revelations
  • Assassin's Creed III
  • Beowulf: The Game
  • Brothers in Arms: Furious 4
  • Call of Juarez: The Cartel
  • Driver: San Francisco
  • Heroes of Might and Magic VI
  • Just Dance 3
  • Prince of Persia: The Forgotten Sands
  • Pure Football
  • R.U.S.E.
  • Shaun White Skateboarding
  • Silent Hunter 5: Battle of the Atlantic
  • The Settlers 7: Paths to a Kingdom
  • Tom Clancy's H.A.W.X. 2
  • Tom Clancy's Ghost Recon: Future Soldier
  • Tom Clancy's Splinter Cell: Conviction
  • Your Shape: Fitness Evolved

UPDATE

It seems that Ubisoft has acted quickly with their 2.0.4 patch for the issue. It has been tested and is reported to squash all security risk, but if you're still squeamish, it's probably best just to disable it altogether.
