Digital Arts has mounted a vulnerability in its on-line gaming platform Origin after safety researchers discovered they might trick an unsuspecting gamer into remotely working malicious code on their laptop.
The bug affected Home windows customers with the Origin app put in. Tens of tens of millions of players use the Origin app to purchase, entry and obtain video games. To make it simpler to entry a person sport’s retailer from the online, the shopper has its personal URL scheme that permits players to open the app and cargo a sport from an online web page by clicking a hyperlink with
origin:// within the tackle.
“An attacker might’ve ran something they needed,” Bee instructed TechCrunch.
The researchers gave TechCrunch proof-of-concept code to check the bug for ourselves. The code allowed any app to run on the similar stage of privileges because the logged-in person. On this case, the researchers popped open the Home windows calculator — the go-to app for hackers to point out they’ll run code remotely on an affected laptop.
However worse, a hacker might ship malicious PowerShell instructions, an in-built app usually utilized by attackers to obtain further malicious parts and set up ransomware.
Bee stated a malicious hyperlink might be despatched as an electronic mail or listed on a webpage, however might additionally triggered if the malicious code was mixed with a cross-site scripting exploit that ran routinely within the browser.
It was additionally attainable to steal a person’s account entry token utilizing a single line of code, permitting a hacker to realize entry to a person’s account while not having their password.
Origin’s macOS shopper wasn’t affected by the bug.
EA spokesperson John Reseburg confirmed a repair was rolled out Monday. TechCrunch confirmed the code now not labored following the replace.