Until just recently, Electronic Arts’ digital game platform Origin had a security vulnerability that could be used to run malicious apps on an Origin user's computer.
Researchers speaking to TechCrunch offered a look at the exploit in action, explaining that the flaw itself allowed would-be attackers to use Origin as a channel to trick users into running any app of the attacker’s choosing.
It was an issue exclusive to the Windows version of the client, and one that the researchers from Underdog Security say took advantage of how Origin uses “origin://“ links to start games by clicking on a link in a webpage.
Combined with other recourses like PowerShell commands, the exploit could theoretically have been used to download and install malicious programs onto the computers of unsuspecting Origin users that clicked a hijacked link. The bug, which EA confirmed has been fixed as of this Monday, also potentially opened the door for hackers to steal account access tokens using a single line of code.
No tags.
