If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Origin update fixes major vulnerability

EA rolled out a new update for Origin earlier this week to plug a security breach.

Origin, like many popular apps, uses a unique URL (origin://) to allow web pages to open corresponding content in the client itself. This is used to direct users to game store pages and so on, so long as they have the Origin Windows client installed.

Unfortunately, EA's implementation contained a flaw that would allow hackers to fool Origin intro running malicious code. All the victim needs to do is click an Origin link.

This flaw was brought to light by researches Daley Bee, and Dominik Penner, who provided TechCrunch with a proof-of-concept code. According to the site, the code could also be used to launch Windows PowerShell, which is often used to install ransomware.

The good news is that EA fixed the issue in a hotfix released on Monday, so make sure your Origin client is updated.

This is actually Origin's second security snafu in recent memory. In November last year, EA fixed a bug that allowed hackers access to users' account settings.

Sign in and unlock a world of features

Get access to commenting, homepage personalisation, newsletters, and more!

Related topics
About the Author
Sherif Saed avatar

Sherif Saed

Contributor

Sherif (he/him) is VG247’s go-to shooter and Souls-likes person. Whether it’s news, reviews, or op-eds – Sherif is always eager to tell you about video games. He's one of VG247's most veteran writers, with 10+ years experience on the site.

Comments