During the Black Hat security conference in Amsterdam, security research firm, ReVuln, revealed that EA’s Origin game software is vulnerable to hijackings. In some cases, hijackings could occur without any user interaction whatsoever. This exploit works on both Windows and Mac.
The way this exploit works is due to how Origin handles URIs (uniform resource identifiers), which allows malicious links to execute code onto a user’s machine. The demo at the Black Hat security conference showed how ReVuln was able to execute a malicious .dll file by sending a modified URI. So why are URIs even allowed in Origin? Well, many websites use URIs to direct links to games within a program. So clicking on a URI will open up a game within Origin.
While this exploit specifically targets Origin, this isn’t the first time URIs were exploited. Competing game platform, Steam, suffered from a similar attack back in October. A bit of blame can also be shifted to certain browsers for now showing full URI paths. Users have the ability to save actions for certain URIs so applications like Origin will automatically launch. This means users won’t have the ability to preview a URI to scan for malicious code before it executes.
EA has yet to respond to this vulnerability. For now, users should exercise caution when clicking on links from unknown sources.
Source: Ars Technica | ReVuln [PDF]
