After this morning’s disastrous start for Ubisoft, their engineers have patched and upgraded the uPlay software to version 2.0.4 to try to fix the massive security hole left in previous versions.
To update, you’ll have to launch uPlay, the new version’s sole new aim to “fix addressing browser plugin” with it “now only able to open uPlay application.” Which makes a lot more sense.
Sadly, the fact that you have to open uPlay first means that the vulnerability is still there until you do, so the browser plugin remains an issue until the actual software itself is patched.
Some users are reporting that the proof of concept still fires up Calculator even after the patch too – might be best if you let Ubisoft know if this happens to you.
Update: Ubisoft has addressed the situation directly, issuing the following statement to clarify the aims of this new patch:
We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.