EA rolled out a brand new replace for Origin earlier this week to plug a safety breach.
Origin, like many in style apps, makes use of a singular URL (origin://) to permit internet pages to open corresponding content material within the consumer itself. This is used to direct customers to game retailer pages and so forth, as long as they’ve the Origin Windows consumer put in.
Unfortunately, EA’s implementation contained a flaw that may permit hackers to idiot Origin intro operating malicious code. All the sufferer must do is click on an Origin hyperlink.
This flaw was dropped at gentle by researches Daley Bee, and Dominik Penner, who offered TechCrunch with a proof-of-concept code. According to the location, the code may be used to launch Windows PowerShell, which is usually used to put in ransomware.
The excellent news is that EA fastened the difficulty in a hotfix launched on Monday, so ensure your Origin consumer is up to date.
This is definitely Origin’s second safety snafu in latest reminiscence. In November final yr, EA fastened a bug that allowed hackers access to users’ account settings.
Source
