Origin update fixes major vulnerability

By Sherif Saed
17 April 2019 13:19 GMT

EA rolled out a new update for Origin earlier this week to plug a security breach.

Origin, like many popular apps, uses a unique URL (origin://) to allow web pages to open corresponding content in the client itself. This is used to direct users to game store pages and so on, so long as they have the Origin Windows client installed.

Unfortunately, EA’s implementation contained a flaw that would allow hackers to fool Origin intro running malicious code. All the victim needs to do is click an Origin link.

This flaw was brought to light by researches Daley Bee, and Dominik Penner, who provided TechCrunch with a proof-of-concept code. According to the site, the code could also be used to launch Windows PowerShell, which is often used to install ransomware.

The good news is that EA fixed the issue in a hotfix released on Monday, so make sure your Origin client is updated.

This is actually Origin’s second security snafu in recent memory. In November last year, EA fixed a bug that allowed hackers access to users’ account settings.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. Read our policy.

VG247 logo

Buy our t-shirts, yeah

They're far more stylish than your average video game website tat.

VG247 merch