Ubisoft Quickly Patch UPlay To Version 2.0.4 – But Does It Fix The Security Hole?

After this morning’s disastrous start for Ubisoft, their engineers have patched and upgraded the uPlay software to version 2.0.4 to try to fix the massive security hole left in previous versions.

To update, you’ll have to launch uPlay. The new version’s sole aim is to “fix addressing browser plugin”, with it “now only able to open uPlay application”, which makes a lot more sense.

Sadly, the fact that you have to open uPlay first means that the vulnerability is still there until you do, so the browser plugin remains an issue until the actual software itself is patched.

Some users are reporting that the proof of concept still fires up Calculator even after the patch. It might be best to let Ubisoft know if this happens to you.

Update: Ubisoft has addressed the situation directly, issuing the following statement to clarify the aims of this new patch:

We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.


  1. Yep still happening -_-. *facepalm*

  2. And ironically, any pirates playing copies without Ubi’s ludicrous DRM will not have to worry about this vulnerability.

    Do these companies still try to scare people away from piracy with the old “using pirate copies leaves you open to viruses” line?

    • I think they stopped using that when people discovered they didn’t actually get the clap from pirating games.

      • I love the way your mind works. ^_^

      • Why thank you – I’m available for parties, christenings, bar mitzvahs… :)

  3. The internet just keeps bashing Ubisoft’s DRM to no end

    • Ubisoft: We’re not listening (LAALALALAALA) (>$~$)>)

    • I know right, it’s like it’s a terrible piece of software that shouldn’t exist or something…

      Wait, right yeah, that’s exactly why it’s happening.

  4. Honestly, who uses these kinds of plug-ins anyway?

    • Apparently it autoinstalls with any recent Ubisoft game, so you might have it and not know it. If you do have an Ubisoft game installed, make sure you run it in order to get rid of the vulnerability.

      The real question is why the hell Ubisoft is using a browser plugin for Uplay. Apparently all this plugin was meant to do is allow Ubisoft to start Uplay from a website. But you can use URI handling for that much like Steam does. If I remember right, this would have needed a single extra command in an install script. So this plugin is literally completely useless, and just a really odd waste of time… that is unless they were using it for less than legal purposes, which is kind of tin foil hat stuff.

      The only reason I can think of for the existence of this plugin is Ubisoft hiring developers who don’t know the first thing about Windows programming.
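
The design raised in the last comment, a registered URI scheme that can only start one fixed launcher, is only safe if the launcher treats the link as untrusted input. The following is an added example, not code from Ubisoft, Steam or the commenter; the scheme name, launcher path, action names and `--run-game` flag are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# All names below are hypothetical and used only for illustration.
SCHEME = "examplelauncher"
LAUNCHER = r"C:\Program Files\ExampleLauncher\launcher.exe"  # the one fixed target
ALLOWED_ACTIONS = {"open", "rungame"}


def build_argv(uri: str) -> list[str]:
    """Map an untrusted link to an argv for the single fixed launcher binary.

    The link never supplies the executable path. It can only select an
    allowlisted action and, for "rungame", a short numeric game id.
    Anything else raises ValueError.
    """
    parts = urlsplit(uri)
    if parts.scheme != SCHEME:
        raise ValueError("unexpected scheme")
    action = parts.netloc
    if action not in ALLOWED_ACTIONS:
        raise ValueError("unknown action")
    if parts.path not in ("", "/") or parts.fragment:
        raise ValueError("unexpected path or fragment")
    # strict_parsing rejects malformed fields such as "id" without "=".
    params = parse_qs(parts.query, strict_parsing=bool(parts.query))
    if action == "open":
        if params:
            raise ValueError("open takes no parameters")
        return [LAUNCHER]
    # action == "rungame"
    if set(params) != {"id"} or len(params["id"]) != 1:
        raise ValueError("rungame needs exactly one id")
    game_id = params["id"][0]
    if not (game_id.isascii() and game_id.isdigit() and len(game_id) <= 10):
        raise ValueError("id must be a short decimal number")
    return [LAUNCHER, "--run-game", game_id]


def accepts(uri: str) -> bool:
    """True if the link maps to a launcher invocation, False if rejected."""
    try:
        build_argv(uri)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample links, not taken from any real site or product.
    for link in ("examplelauncher://open",
                 "examplelauncher://rungame?id=42",
                 "examplelauncher://rungame?id=42&exe=calc.exe",
                 "examplelauncher://C:/Windows/System32/calc.exe"):
        print(link, "->", build_argv(link) if accepts(link) else "rejected")
```

The returned list is meant to be passed to a process-creation call as an argument vector, not joined into a shell command line.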

