On Monday, a client update for EA's Origin was released that patched up a rather significant security hole in the game client. According to a proof-of-concept investigated by TechCrunch, an attacker with knowledge of the security hole could have run any app they wanted to on the victim's computer.

This flaw was originally discovered by security researchers Daley Bee and Dominik Penner of Underdog Security. The two found that the flaw allowed them to run any app on a victim's computer at the same level of privileges as the logged-in user. The proof-of-concept that TechCrunch checked out simply opened up the Calculator app.

Opening an app is one thing, but the researchers also found that PowerShell commands could be executed. Through PowerShell, an attacker would be able to download additional malicious components and even install ransomware.

Bee said a malicious link could be sent as an email or listed on a webpage, but could also be triggered if the malicious code was combined with a cross-site scripting exploit that ran automatically in the browser.

In addition, it was entirely possible to steal someone's access token with a single line of code. With that token, an attacker wouldn't need the victim's password in order to get into their account.

The good news here is that this security hole was patched in a client update released on Monday of this week. If you haven't yet downloaded the update for Origin, it's strongly advised that you do so as soon as possible. Those running the macOS client were not affected by this in the first place.