Bug in EA’s Origin client left gamers open to attacks
The patch for the remote code execution vulnerability is already available, so don’t hold off on installing it
Electronic Arts (EA) has fixed a security flaw in the Windows version of its gaming client Origin that allowed attackers to remotely execute code on an affected computer.
The demo shows how Origin could be tricked to pop open the built-in Windows Calculator app. That said, the exploit could be deployed to launch any app and with the same level of privileges as the user. Worse, combined with PowerShell commands an attacker could execute various malicious payloads on the victim’s machine, according the research duo.
The exploit takes advantage of Origin’s URL scheme that, as TechCrunch notes, “allows gamers to open the app and load a game from a web page by clicking a link with origin:// in the address”.
In their demonstration, the researchers click a malicious link. However, in some cases the victim doesn’t even need to click anything. This is because the link can also be triggered “if the malicious code was combined with a cross-site scripting exploit that ran automatically in the browser”.
The loophole can also be exploited to break into gamers’ accounts, as it makes it possible to steal a gamer’s account access token using a single line of code.
It’s unclear if any gamers were actually attacked using the flaw, for which the fix was rolled out on Monday.
The Origin app on Windows is used by tens of millions of gamers. Origin’s macOS client was not affected by this vulnerability.
Tomáš Foltýn 17 Apr 2019 – 05:38PM