Critical flaw in Origin platform leaves EA with another black eye

first_imgAs if the horrendous SimCity launch and subsequent offline play hullaballoo wasn’t bad enough, EA now has to deal with security researchers at ReVuln finding a critical security flaw in the Origin content delivery platform.According to ReVuln, the problem stems from the way Origin handles the custom origin:// URIs. If an attacker can figure out the unique game ID for a particular title that’s installed on a remote system, he or she could then exploit the flaw and execute arbitrary code. It’s an easy enough guessing game to play, too, since brute forcing possible IDs will eventually turn up something useful. You’re still at risk if the Origin app is installed on your system even if you never use it — because your computer still knows what it’s supposed to do when it sees origin://.It may not even matter if you no longer have any games installed within Origin. If it turns out someone has a way to exploit Origin itself, your system could be at risk.One of the proposed fixes is to globally disable the offending URI using a third-party tool. That would render both web-based links and desktop shortcuts to individual games unusable, but the Origin app would still launch them without missing a beat. A second option would be to simply make it so web browsers ignore the origin:// links. It seems like a quick — and low-impact — workaround since most EA gamers aren’t likely to be launching games from links embedded in Gmail messages or Facebook updates.Makes you wonder how smart it is to install either SimCity or that bonus free game EA is dangling to say sorry for the hilariously bad launch.last_img

Leave a Reply

Your email address will not be published. Required fields are marked *