Travis Ormandy, an Information Security Engineer at Google, recently discovered a security vulnerability with Ubisoft’s Uplay. While installing Assassin’s Creed Revelations Travis noticed the installation procedure created an insecure browser plug-in for the Uplay launcher.
“…while on vacation recently I bought a video game called “Assassin’s Creed Revelations”. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it’s accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites.”
Ubisoft responded later today with Uplay version 2.0.4, which users should install without a web browser open. Additionally, the following statement was issued:
“Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues”