|Origin exploit found by third-party firm, "allows malicious users" to swap links|
|Posted: 19.03.2013 15:58 by Simon Priest||Comments: 7|
ReVuln researchers have found a particularly nasty coding exploit in EA's Origin platform that effectively could let malicious coders swap links around inside the platform to launch damaging attacks remotely.
The third-party security firm has published a detailed report on how EA can address the problem, and the publisher says they are "investigating" the issue. Avoid desktop icon launches for now.
By launching titles directly through the Origin platform you bypass the potential for links to be tampered with, such as those created on desktops and in start menus.
"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," said ReVuln researchers Donato Ferrante and Luigi Auriemma. "In other words, an attacker can craft a malicious internet link to execute malicious code remotely on a victim's system, which has Origin installed."
The pair has on how to tackle the exploit.
This certainly comes at a bad time for EA who are currently battling against negative PR surrounding the troubled launch of SimCity, and now the departure of CEO John Riccitiello. No one is said to have discovered the exploit and taken advantage at this stage. Hopefully a hotfix will be shortly due from EA's Origin team.