Breaking: Ubisoft’s Uplay Revealed to be Rootkit (UPDATED)

Megan Patterson, July 30, 2012

Ubisoft’s digital rights management system Uplay was revealed by a white hat hacker to be a rootkit this morning, at least on PC. Uplay comes with almost every game that Ubisoft publishes for the PC, including the popular Assassin’s Creed franchise.

Tavis Ormandy, an information security engineer with Google, published an exploit today that allows anyone to access a computer that has Uplay installed, making it a massive security risk. This means that anyone with the right code can take over your computer and all the information on it.

Games affected include:

  • Assassin’s Creed II
  • Assassin’s Creed: Brotherhood
  • Assassin’s Creed: Project Legacy
  • Assassin’s Creed Revelations
  • Assassin’s Creed III (Tentative)
  • Beowulf: The Game
  • Brothers in Arms: Furious 4
  • Call of Juarez: The Cartel
  • Driver: San Francisco
  • From Dust
  • Heroes of Might and Magic VI
  • Just Dance 3
  • Prince of Persia: The Forgotten Sands
  • Pure Football
  • R.U.S.E.
  • Shaun White Skateboarding
  • Silent Hunter 5: Battle of the Atlantic
  • The Settlers 7: Paths to a Kingdom
  • Tom Clancy’s H.A.W.X. 2
  • Tom Clancy’s Ghost Recon: Future Soldier
  • Tom Clancy’s Splinter Cell: Conviction
  • Your Shape: Fitness Evolved

If you have any of these games on your system, I would recommend uninstalling them and Uplay right away, clearing the browser cache (especially if you bank online) and changing any sensitive passwords. As far as I know, this exploit does not apply to consoles, but if you have any of their Facebook games and have been connecting via Uplay, I would delete all that just to be safe.

UPDATE: Here is how to actually fix it. It’s basically a browser extension, so:

Firefox: Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins

Chrome: Visit about:plugins and disable

Opera: Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete

If you’re using Internet Explorer, Microsoft has posted how to disable browser extensions here.