EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers

By Digit NewsDesk | Updated Apr 17 2019
EA’s Origin gaming client had a severe vulnerability that could enable hackers to install ransomware on computers
HIGHLIGHTS

Origin, EA’s digital game distribution platform, had a critical security flaw.

The bug could give hackers to run code remotely on a victim’s computer.

EA patched the flaw with a new update to Origin, which was rolled out on Monday.

Go from OpenAPI-to-GraphQL in 2 minutes

Create GraphQL interfaces in minutes and build mobile or client apps quicker. Leverage free, open source IBM Code Patterns.

Click here to know more

Origin, the digital game distribution platform by EA, has reportedly fixed a serious vulnerability in its software. As per TechCrunch, security researchers of Underdog Security, Daley Bee and Dominik Penner found a vulnerability in the Origin app, which could enable an attacker to remotely run malicious code on a victim’s computer. The bug affected the Origin app on Windows and an updated was rolled on Monday to fix it. Origin is a popular online game distribution platform that is used by people to access, download and install games on their systems. Origin’s macOS client was apparently unaffected by the bug. 

As per the report, the flaw originated in the URL scheme of the Origin app that makes it easier to access an individual game’s store from the web. The app uses an ‘origin://’ link in the address to load a game from a web page and the researchers found that using a malicious link, hackers could trick the app to run code remotely on the victim’s computer. This meant that “An attacker could’ve ran anything they wanted,” Bee told TechCrunch. An attacker could also send harmful PowerShell commands, which could enable them to potentially download and install ransomware and other malicious files. 

The malicious link could be sent to a victim over an email or listed on a website. However, it could also be executed if the “malicious code was combined with cross-site scripting exploit that ran automatically in the browser.” The flaw also made it possible to use a single line of code for stealing a user’s account access token, enabling a hacker to obtain access to a user’s account without needing their password. John Reseburg, a spokesperson for EA, confirmed that the flaw was patched with an update to Origin on Monday. 

Origin is the game distribution platform from where the popular online battle royale game Apex Legends can be downloaded. The app also hosts a slew of popular games like Battlefield V, Anthem, Fifa, Titanfall and more. 

Videos

Alienware M15 Gaming Laptop Review
logo
Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.