Ubisoft rootkit just “a bug”

Ubisoft’s broken its silence on yesterday’s news that its PC-centric Uplay service was hiding an intentional backdoor, saying it was a security flaw and the result of human error, not the nefarious rootkit it was believed to be.

"The issue is not a rootkit," Ubisoft said in an official statement. "The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games."

“The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made,” they continued. “This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”

The company’s also forced a patch to fix the particular flaw, so if you’re running any Ubisoft PC games, it’s probably a good idea for you to update.

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

“Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”

That’s the official line, folks. A flaw, not a rootkit. Remember Hanlon’s Razor: Never attribute to malice that which is adequately explained by stupidity.
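The class of flaw Ubisoft describes, a launcher that lets web content name the executable to run, is shown below next to a hardened form. This is an added illustration, not Ubisoft's code: the install root, game IDs, flags and function names are all hypothetical.

```python
# Added illustration; paths, game IDs and flags are hypothetical, not Uplay's.
from pathlib import PureWindowsPath

INSTALL_ROOT = PureWindowsPath(r"C:\Games\Launcher")  # constructed sample path
# Local registry: web content may name a game ID, never a path.
INSTALLED = {
    "game-001": INSTALL_ROOT / "game-001" / "game.exe",
    "game-002": INSTALL_ROOT / "game-002" / "bin" / "play.exe",
}
ALLOWED_FLAGS = {"-fullscreen", "-windowed", "-lang"}
ALLOWED_LANGS = {"en", "fr", "de"}


class LaunchRejected(Exception):
    """Raised when a launch request fails validation."""


def build_argv_unsafe(request: dict) -> list[str]:
    """Flawed pattern: the untrusted request chooses the executable."""
    return [request["exe"], *request.get("args", [])]


def build_argv(request: dict) -> list[str]:
    """Hardened pattern: map an ID to a known executable, allowlist arguments."""
    unknown = set(request) - {"game_id", "args"}
    if unknown:  # e.g. a leftover developer-only "exe" field
        raise LaunchRejected(f"unexpected fields: {sorted(unknown)}")
    game_id = request.get("game_id")
    if not isinstance(game_id, str) or game_id not in INSTALLED:
        raise LaunchRejected("unknown game id")
    args = request.get("args", [])
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        raise LaunchRejected("args must be a list of strings")
    argv, i = [str(INSTALLED[game_id])], 0
    while i < len(args):
        flag = args[i]
        if flag not in ALLOWED_FLAGS:
            raise LaunchRejected(f"flag not allowed: {flag!r}")
        argv.append(flag)
        if flag == "-lang":  # the only flag that takes a value
            value = args[i + 1] if i + 1 < len(args) else None
            if value not in ALLOWED_LANGS:
                raise LaunchRejected("bad -lang value")
            argv.append(value)
            i += 1
        i += 1
    return argv  # hand this list to the process API directly, never via a shell
```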

Last Updated: July 31, 2012

