Ubisfot has become the subject of yet another security fiasco after Google security engineer, Tavis Ormandy found that their Uplay software opens a dangerous backdoor on their customers’ PCs.
The backdoor resides in a browser plug-in that is installed alongside all new Ubisoft titles. The plugin is used to verify Ubisoft games’ authenticity in order to grant users access to Uplay services such as online play and achievements. Unfortunately, the way the plugin is written means that any malicious website can use it to gain access to the user’s files or run any programs on the his machine.
According to our security experts, the vulnerability seems to be a legitimate unintentional super screw up.
Ubisoft has acknowledged the problem and promised to release a patch within a few hours. In the meanwhile, if you have Uplay installed on your PC, make sure to disable its plugin in your browser.