Ubisoft’s DRM service Uplay had been rumored to contain a rootkit after a security breach which allowed outsiders to access information from other computers via Uplay. A rootkit is a very serious type of malware which allows the access of core directories in a system, or the “root”, as it were. The company denied these claims, instead blaming the issue on a “coding error” in Uplay.
“The issue is not a rootkit,” according to an official statement released by a representative of Ubisoft. “The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games.”
Here is Ubisoft’s outline of the problem:
The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.
These are the things that they did to fix it:
The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plugin so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
And this is their recommended solution to the issue:
To update your Uplay client and apply the patch:
-Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.) If the web browser is open during the patch it will require restarting the browser.
-Launch the Uplay PC client. The Uplay PC client update will start automatically.
An updated version of the Uplay PC installer is also available to download from Uplay.com.
The company said that their problem with Uplay had nothing to do with its DRM policies, rather demanding policies which are a common topic for people to criticize Ubisoft over.