UPlay Security Flaw Explained
The UPlay security flaw which was patched up by Ubisoft yesterday has been explained by a coding error.
“The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games.
The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”
The gap in security was quickly patched up and solved by Ubisoft.