informa
/
Console
News

A now-fixed Origin vulnerability potentially opened the client to hackers

Until just recently, Electronic Arts’ digital game platform Origin had a security vulnerability that could be used run malicious apps on a user’s computer.

Until just recently, Electronic Arts’ digital game platform Origin had a security vulnerability that could be used to run malicious apps on an Origin user's computer.

Researchers speaking to TechCrunch offered a look at the exploit in action, explaining that the flaw itself allowed would-be attackers to use Origin as a channel to trick users into running any app of the attacker’s choosing. 

It was an issue exclusive to the Windows version of the client, and one that the researchers from Underdog Security say took advantage of how Origin uses “origin://“ links to start games by clicking on a link in a webpage. 

Combined with other recourses like PowerShell commands, the exploit could theoretically have been used to download and install malicious programs onto the computers of unsuspecting Origin users that clicked a hijacked link. The bug, which EA confirmed has been fixed as of this Monday, also potentially opened the door for hackers to steal account access tokens using a single line of code.

Latest Jobs

Sucker Punch Productions

Bellevue, Washington
08.27.21
Combat Designer

Xbox Graphics

Redmond, Washington
08.27.21
Senior Software Engineer: GPU Compilers

Insomniac Games

Burbank, California
08.27.21
Systems Designer

Deep Silver Volition

Champaign, Illinois
08.27.21
Senior Environment Artist
More Jobs   

CONNECT WITH US

Register for a
Subscribe to
Follow us

Game Developer Account

Game Developer Newsletter

@gamedevdotcom

Register for a

Game Developer Account

Gain full access to resources (events, white paper, webinars, reports, etc)
Single sign-on to all Informa products

Register
Subscribe to

Game Developer Newsletter

Get daily Game Developer top stories every morning straight into your inbox

Subscribe
Follow us

@gamedevdotcom

Follow us @gamedevdotcom to stay up-to-date with the latest news & insider information about events & more