Tweet
RPS reports that anybody with a bit of knowledge could code a website that could access the Uplay window from a web browser. From there, they could potentially gain unauthorized access to take control of your PC and personal information. This could also potentially be triggered via email link. RPS conducted a small interview with a security expert to see what could potentially happen.
Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”
Since this story broke, Ubisoft has released a patch for Uplay, bringing the rather horrid form of PC DRM up to version 2.0.4. When you update your Uplay client, you must have all browser windows closed to ensure the plugin will update correctly. The patch is also available by going to Uplay.com.
If you don't have any Uplay supported titles installed, be sure to disable and remove the Uplay plugin.
Firefox:
Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
Chrome:
Visit about
lugins and disable
Opera:
Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete
Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
Chrome:
Visit about
lugins and disableOpera:
Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete
This step should, in theory, not be necessary if you updated Uplay to version 2.0.4 today.
Ubisoft has issued no apology for this massive security issue, nor have they stated why the Uplay client needs this privacy-breaching plugin at all.
(via RPS)