Skip to main content

Origin update fixes major vulnerability

EA rolled out a new update for Origin earlier this week to plug a security breach.

Origin, like many popular apps, uses a unique URL (origin://) to allow web pages to open corresponding content in the client itself. This is used to direct users to game store pages and so on, so long as they have the Origin Windows client installed.

Unfortunately, EA's implementation contained a flaw that would allow hackers to fool Origin intro running malicious code. All the victim needs to do is click an Origin link.

This flaw was brought to light by researches Daley Bee, and Dominik Penner, who provided TechCrunch with a proof-of-concept code. According to the site, the code could also be used to launch Windows PowerShell, which is often used to install ransomware.

The good news is that EA fixed the issue in a hotfix released on Monday, so make sure your Origin client is updated.

This is actually Origin's second security snafu in recent memory. In November last year, EA fixed a bug that allowed hackers access to users' account settings.

Read this next