Ubisoft’s digital rights management system Uplay was revealed by a white hat hacker to be a rootkit this morning, at least on PC. Uplay comes with almost every game that Ubisoft publishes for the PC, including the popular Assassin’s Creed franchise.
Tavis Ormandy, an information security engineer with Google, published an exploit today that allows anyone to access a computer with Uplay installed on their PC, making it a massive security risk. This means that anyone with the right code can take over your computer, and all the information on it.
Games affected include:
- Assassin’s Creed II
- Assassin’s Creed: Brotherhood
- Assassin’s Creed: Project Legacy
- Assassin’s Creed Revelations
- Assassin’s Creed III (Tentative)
- Beowulf: The Game
- Brothers in Arms: Furious 4
- Call of Juarez: The Cartel
- Driver: San Francisco
- From Dust
- Heroes of Might and Magic VI
- Just Dance 3
- Prince of Persia: The Forgotten Sands
- Pure Football
- Shaun White Skateboarding
- Silent Hunter 5: Battle of the Atlantic
- The Settlers 7: Paths to a Kingdom
- Tom Clancy’s H.A.W.X. 2
- Tom Clancy’s Ghost Recon: Future Soldier
- Tom Clancy’s Splinter Cell: Conviction
- Your Shape: Fitness Evolved
If you have any of these games on your ststem, I would recommend uninstalling them and Uplay right away, clear the browser cache (especially if you bank online) and change any sensitive passwords. As far as I know, this exploit does not apply to consoles, but if you have any of their Facebook games and have been connecting via Uplay, I would delete all that just to be safe.
UPDATE: Here is how to actually fix it. It’s basically a browser extension, so:
Firefox: Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
Chrome: Visit about:plugins and disable
Opera: Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete
If you’re using Internet Explorer, Microsoft has posted how to disable browser extensions here.