by July 30, 2012 @ 12:27 pm
Earlier today, Google engineer Tavis Ormandy discovered a flaw in Ubisoft’s Uplay DRM scheme that allows remote execution of files on your computer. In a full disclosure release, the flaw was published on security site Seclists.org. As Uplay silently installs a browser-based plugin, the implications of this exploit are rather severe — a website could trick a user into downloading a malicious file and then remotely execute it.
Thankfully, Ubisoft has taken swift action, releasing a patch for Uplay today that fixes the flaw. Unfortunately, there’s no telling how many users were infected through this prior to the patch. Uplay is used in nearly all major Ubisoft titles, including Assassin’s Creed and Driver: San Francisco. We’d recommend anyone that has Uplay installed to run a full spyware and virus scan on your computer.
It’s no secret that Ubisoft has struggled with acceptance of its DRM scheme. Requiring an “always on” internet connection in certain titles raised enough ire that some folks started boycotting any Ubisoft published titles. It’s obvious that the company has been treading on thin ice with PC gamers, and we can only imagine that this latest development will rub further salt into the wound.
Why companies will continue to pursue their own draconian DRM schemes when much better alternatives exist, such as Steam itself, is very puzzling. In the end it’s usually only the paying consumer that is inconvenienced, as DRM-stripping cracks often surface on release day or a few days after. Is risking a PR disaster like this really worth blocking a few pirates that in all likelihood wouldn’t buy your game anyway? For the full list of affected titles, hit the break.
Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved
Follow this author on Twitter.