综合技术

Major Bug in EA’s Origin Client Gives Hackers the Keys to Your PC

微信扫一扫,分享到朋友圈

Major Bug in EA’s Origin Client Gives Hackers the Keys to Your PC
0

A security vulnerability in the Windows version of Electronic Arts’ Origin client allows hackers to run code with the same privileges as the logged-in user.

The online gaming platform, which is available on Windows and macOS to download and launch EA’s games, uses its very own origin://
protocol in browsers to directly load games.

Security researchers Daley Bee and Dominik Penner of Underdog Security, discovered a way to abuse this system and run pretty much any app on a compromised host.

In a demo for TechCrunch
, the two researchers launched the built-in Calculator app after a malicious page was loaded on the target computer.

The links, which can be sent to victims through a variety of methods, including emails and instant messaging, could download PowerShell scripts that then open the doors for various malicious payloads which can technically provide hackers with full control of an unpatched computer.

Patch already available

The attacker can obtain the same privileges as the logged-in user, so if an administrator account is used, a successful exploit can lead hackers being able to launch any process or download additional malware.

The good news is that Electronic Arts has already released a fix on Monday, and users are now recommended to update the Origin Windows client to the latest version available for download. If patching isn’t possible right now, you’re recommended to avoid clicking on any link coming from sources you do not trust. The macOS version of the Origin client isn’t vulnerable to attacks.

At this point, it’s not yet clear if any hacking group discovered this vulnerability, but given it was privately reported to Electronic Arts and then fixed rather fast, there’s a high chance the flaw wasn’t actively exploited.

You can also
download the latest version of the Origin client

from Softpedia using this link.

阅读原文...

微信扫一扫,分享到朋友圈

Major Bug in EA’s Origin Client Gives Hackers the Keys to Your PC
0
Softpedia News

数据类型中的一些小知识点

上一篇

产品生命周期的4个阶段,产品经理该怎么做?

下一篇

评论已经被关闭。

插入图片

热门分类

往期推荐

Major Bug in EA’s Origin Client Gives Hackers the Keys to Your PC

长按储存图像,分享给朋友