Popular Ubisoft Video Games Could Put Your Computer At Risk

UPDATE: Ubisoft has released a statement saying it has pushed out a patch that should fix the issue.

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
“Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

—————–
If you have any of the Assassin’s Creed games installed on your PC — or any others from a list of popular games released by Ubisoft — you may want to uninstall them now that folks have pointed out that browser plugin included in the program could make your computer vulnerable to hackers.

From rockpapershotgun.com:

[W]ith the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds.

Some say that the offending plugin can be rendered safe by disabling it in your various web browsers. Others advise that you may want to consider simply uninstalling everything Ubisoft-related until a more definitive solution has been reached.

Here is a (possibly incomplete) list of games believed to be affected by the problem plugin:
Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

Thanks to Anti for the tip!

Comments

Edit Your Comment

  1. incident-man stole my avatar says:

    Who knew EA owned Ubisoft?

    • MrMongerty says:

      Ubisoft has been a cesspool long before EA became the bad guy. Problem is, people forget about companies like Ubi (who were some of the first to use limited use CD- keys, always online DRM, etc…).

      6-10 years ago, Ubisoft was a real up and comer, with some really amazing games (Splinter Cell, Prince of Persia, Beyond Good and Evil, even Assassin’s Creed). They are a case study in what happens when you become insecure with DRM and lose favor with the public, now publishing 80% shovelware for the Wii with no really good IPs that haven’t been squeezed dry.

  2. Blueskylaw says:

    It sounds like this malware problem is multiplying
    faster than rats in a Walmart meat case.

  3. Driblis says:

    Ubisoft’s approach to DRM is so paranoid and draconic that I’m not at all surprised to see exploits. Heck, most of the games requires always-connected internet to their servers or the games will up and drop you without warning. Even single-player games.

    It’s really fun when games that require such connection end up unplayable at launch due to server issues.

  4. Captain Spock says:

    And this folks, is why after the draconian DRM started with UBISoft, I stopped buying their games.

  5. romoish says:

    Ubisoft’s DRM is a joke but all those games are Bad Games so if you own them you’re pretty much looking for a bad time.

    • MrMongerty says:

      Excluding Assassin’s Creed II, you are correct. Brotherhood was decent, but not worth full price.

      Obviously it is subjective, but AC II is pretty much held as the best in the series.

    • Chuft-Captain says:

      Really? They’re all bad games? I’d disagree with you on at least four of them. And at least one isn’t even out, so how would you know?

  6. dogmaticman says:

    I hope someone files a lawsuit. I seriously hate the DRM-checks in software lately. What once was an innocuous CD-check is now ridiculous. Now DRM-checks hog up precious in-game memory, take time to sync files with servers and feature pop-up sign in notifications all in the guise of social gaming. It’s just getting too far- and I’m not surprised their bloatware is now a security opening for hackers.

  7. 180CS says:

    I quit playing anything by ubisoft about half a decade ago when they decided including root kits (that where actually able to damage systems) with their games would be cool.

    Anyone here remember starforce on ghost recon?

    • cosby says:

      Yea starforce on splinter cell is what did it for me. I’m not positive that it was ever proven that it damaged optical drives though. I know a bunch of people replaced their drives thinking they were bad though when the starforce driver just prevented them from working. My laptop wouldn’t burn cds because of starforce. Ended up reloading the system to get rid of the problem.

  8. Kestris says:

    Good thing I only play the Assassin’s Creed series on my PS3.

  9. Tedicles says:

    And yet another reason why ‘hacked’ games make sense. At least there is some control, even if it takes some away from the manufacturer. Granted, if you pay and install this program, you do so at your own risk, but what about the LEGAL aspect of buying the game and installing a ‘cracked’ version due to these security risks? Developer still makes the same cash, and people are a little more safe and free….

  10. HogwartsProfessor says:

    Are the Myst games like this? That’s the only Ubisoft games I have right now. I’m glad Consumerist told me; I was thinking about getting the Assassin’s Creed games. Now I won’t.

    • Red Cat Linux says:

      What… the old Myst games? Probably not, but you might Google around a bit to be sure. Those games were popular before the Internet became a household appliance, so an always on connection would not have been required.

  11. fishareboney says:

    I love how I JUST installed this last night after buying it during the Steam Summer Sale. I actually enjoy it a lot. Do I need to uninstall to get rid of this or am I hosed?

  12. Kestris says: