EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers

By Digit NewsDesk | Updated 17 Apr 2019
EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers
  • Origin, EA’s digital game distribution platform, had a critical security flaw.
  • The bug could give hackers to run code remotely on a victim’s computer.
  • EA patched the flaw with a new update to Origin, which was rolled out on Monday.

Origin, the digital game distribution platform by EA, has reportedly fixed a serious vulnerability in its software. As per TechCrunch, security researchers of Underdog Security, Daley Bee and Dominik Penner found a vulnerability in the Origin app, which could enable an attacker to remotely run malicious code on a victim’s computer. The bug affected the Origin app on Windows and an updated was rolled on Monday to fix it. Origin is a popular online game distribution platform that is used by people to access, download and install games on their systems. Origin’s macOS client was apparently unaffected by the bug. 

advertisements

As per the report, the flaw originated in the URL scheme of the Origin app that makes it easier to access an individual game’s store from the web. The app uses an ‘origin://’ link in the address to load a game from a web page and the researchers found that using a malicious link, hackers could trick the app to run code remotely on the victim’s computer. This meant that “An attacker could’ve ran anything they wanted,” Bee told TechCrunch. An attacker could also send harmful PowerShell commands, which could enable them to potentially download and install ransomware and other malicious files. 

The malicious link could be sent to a victim over an email or listed on a website. However, it could also be executed if the “malicious code was combined with cross-site scripting exploit that ran automatically in the browser.” The flaw also made it possible to use a single line of code for stealing a user’s account access token, enabling a hacker to obtain access to a user’s account without needing their password. John Reseburg, a spokesperson for EA, confirmed that the flaw was patched with an update to Origin on Monday. 

Origin is the game distribution platform from where the popular online battle royale game Apex Legends can be downloaded. The app also hosts a slew of popular games like Battlefield V, Anthem, Fifa, Titanfall and more. 

advertisements
advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

How to install Ubutnu on my Lenovo g505s?
Kishan S. Rakholiya
Sept 19, 2014
Responses 1
Vivek Bhatt
Sept 22, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements