Ubisoft blames coding error for Uplay browser exploit

Ubisoft has said yesterday's Uplay browser plug-in exploit was caused by a “coding error” and that the online service did not include a rootkit.

Speaking with Kotaku, a Ubisoft representative told the site: “The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed unintended access to systems usually used by Ubisoft PC game developers to make their games.

"The browser plugin that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”

Yesterday, after the flaw in the system was found, an updated version of the Uplay PC installer with the patch was quickly released by Ubisoft.