Ubisoft Quickly Patch UPlay To Version 2.0.4 - But Does It Fix The Security Hole?


After this morning’s disastrous start for Ubisoft, their engineers have patched and upgraded the uPlay software to version 2.0.4 to try to fix the massive security hole left in previous versions.

To update, you’ll have to launch uPlay. The new version’s sole stated aim is to “fix addressing browser plugin”, with it “now only able to open uPlay application”, which makes a lot more sense.

Sadly, the fact that you have to open uPlay first means that the vulnerability is still there until you do, so the browser plugin remains an issue until the actual software itself is patched.

Some users are reporting that the proof of concept still fires up Calculator even after the patch too – might be best if you let Ubisoft know if this happens to you.

Update: Ubisoft has addressed the situation directly, issuing the following statement to clarify the aims of this new patch:

We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.

  1. LethalX08
    Since: Nov 2011

    Yep still happening -_-. *facepalm*

    Comment posted on 30/07/2012 at 16:45.
  2. hazelam
    Since: Feb 2009

    and ironically, any pirates playing copies without ubi’s ludicrous drm will not have to worry about this vulnerability.

    do these companies still try to scare people away from piracy with the old “using pirate copies leaves you open to viruses” line?

    Comment posted on 30/07/2012 at 16:51.
    • Forrest_01
      Since: Jun 2009

      I think they stopped using that when people discovered they didn’t actually get the clap from pirating games.

      Comment posted on 30/07/2012 at 17:02.
      • hazelam
        Since: Feb 2009

        i love the way your mind works. ^_^

        Comment posted on 30/07/2012 at 17:10.
      • Forrest_01
        Since: Jun 2009

        Why thank you – I’m available for parties, christenings, bar mitzvahs… :)

        Comment posted on 31/07/2012 at 10:17.
  3. An-dz
    Since: Oct 2010

    The internet just keeps bashing Ubisoft’s DRM to no end

    Comment posted on 30/07/2012 at 17:06.
    • Sympozium
      Since: Aug 2009

      Ubisoft: We’re not listening (LAALALALAALA) (>$~$)>)

      Comment posted on 30/07/2012 at 17:46.
    • Uhyve
      Since: Sep 2008

      I know right, it’s like it’s a terrible piece of software that shouldn’t exist or something…

      Wait, right yeah, that’s exactly why it’s happening.

      Comment posted on 30/07/2012 at 19:16.
  4. Vandix
    Since: Mar 2009

    Honestly, who uses these kinds of plug-ins anyway?

    Comment posted on 30/07/2012 at 22:14.
    • Uhyve
      Since: Sep 2008

      Apparently it autoinstalls with any recent Ubisoft game, so you might have it and not know it. If you do have an Ubisoft game installed, make sure you run it in order to get rid of the vulnerability.

      The real question is why the hell Ubisoft is using a browser plugin for Uplay. Apparently all this plugin was meant to do is allow Ubisoft to start Uplay from a website. But you can use URI handling for that much like Steam does. If I remember right, this would have needed a single extra command in an install script. So this plugin is literally completely useless, and just a really odd waste of time… that is unless they were using it for less than legal purposes, which is kind of tin foil hat stuff.

      The only reason I can think of for the existence of this plugin is Ubisoft hiring developers who don’t know the first thing about Windows programming.

      Comment posted on 31/07/2012 at 00:32.
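
The URI-handling approach raised in the comment above still hands the launcher a string chosen by a web page, so the handler has to do what the 2.0.4 patch note describes: be able to open only the one application. A sketch of that check follows, added here as an example and not code from the article, its commenters or Ubisoft; the scheme name, launcher path and `--launch-game` switch are hypothetical, and registering the scheme with Windows is not shown.

```python
import re
from urllib.parse import urlsplit

# Hypothetical values for illustration; none come from Ubisoft's software.
SCHEME = "examplelauncher"
LAUNCHER = r"C:\Program Files\ExampleLauncher\launcher.exe"
ALLOWED_ACTIONS = {"open", "launch"}   # everything a web page may request
GAME_ID = re.compile(r"/([0-9]{1,10})/?")


class RejectedUri(ValueError):
    """The URI asked for something outside the allowlist."""


def build_argv(uri: str) -> list[str]:
    """Map an untrusted URI to an argv whose executable is a constant."""
    parts = urlsplit(uri)
    if parts.scheme != SCHEME:
        raise RejectedUri("unexpected scheme")
    if parts.query or parts.fragment:
        raise RejectedUri("query and fragment are not accepted")
    # netloc is compared whole, so "user@open" or "open:80" also fail here.
    if parts.netloc not in ALLOWED_ACTIONS:
        raise RejectedUri("action not in allowlist")
    if parts.netloc == "open":
        if parts.path not in ("", "/"):
            raise RejectedUri("open takes no arguments")
        return [LAUNCHER]
    match = GAME_ID.fullmatch(parts.path)
    if match is None:
        raise RejectedUri("game id must be 1-10 ASCII digits")
    # Returned as a list for subprocess.run(argv) without shell=True, so the
    # id can never be re-parsed as extra switches or a second command.
    return [LAUNCHER, "--launch-game", match.group(1)]


def try_build(uri: str):
    """Return the argv, or None when the URI is rejected or malformed."""
    try:
        return build_argv(uri)
    except ValueError:  # RejectedUri, or urlsplit refusing a malformed URI
        return None


if __name__ == "__main__":
    # Constructed sample URIs, as a browser would hand them to the handler.
    for sample in ("examplelauncher://open", "examplelauncher://launch/1234",
                   "examplelauncher://launch/12 --other",
                   "examplelauncher://run/other.exe"):
        print(sample, "->", try_build(sample))
```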