Rated Excellent
Weekend delivery available
0% Interest on PCs
Custom PCs built fast
3 year on-site PC warranty*

Ubisoft denies rootkit in Uplay

A security flaw found in Ubisoft's Uplay that acted like a rootkit has been fixed with an update.

Video game company Ubisoft has denied the existence of a rootkit in the Uplay PC application, after it was revealed that the software allowed arbitrary root execution.

A rootkit is a malicious piece of software that hides programs or processes from typical detection methods and, therefore, allowing hackers to gain unauthorised access to a computer.

The BBC reported that a Google employee, Tavis Ormandy, spotted the security flaw in Uplay, an app that rewards gamers with free content for playing Ubisoft titles. He noted that the installation "creates a browser plug-in for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites".

Ubisoft has denied purposefully installing a rootkit, or any malicious software, and has since fixed the security flaw in Uplay.

A spokesperson for Ubisoft said: "The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they're being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine."

Therefore, the plugin had no malicious intent and was not widely exploited.

Ubisoft has recommended all users close any web browsers and restart the Uplay client in order to update it without the security flaw. Alternatively they can download the updated version from the Uplay website.

The firm has confirmed that it takes "security issues very seriously" and responds to any reports of vulnerabilities within the software it produces, insisting that it will take speedy action if there are any issues found.

Video games affected by the exploit included the multi-million selling Assassin's Creed series, Call of Juarez: San Francisco, Just Dance 3, several titles in the Tom Clancy franchise and Prince of Persia: The Forgotten Sands.ADNFCR-1220-ID-801419180-ADNFCR