uplay Ubisoft DRM is a security risk

RockPaperShotgun is reporting that the PC browser plugin for Ubisoft’s Uplay software contains a software vulnerability that could allow someone to run pretty much anything they want on your machine.

Ubisoft may have plugged the hole, but it’s difficult to know for sure as they don’t appear to be discussing the issue. There are reports on the Ubi forums (thanks, Imperial Dane) that Uplay has been updated to version 2.04, which if the commenter is accurate bears the note “‘Fix addressing browser plugin. Plugin now only able to open uPlay application.” If your Uplay hasn’t/won’t update to version 2.04, I’d get rid of it and its plugin for now. To be honest I’d get rid of the plugin regardless, until we’re sure the problem’s been resolved.

This only appears to be a problem with the PC browser plugin, and indications are that it has been patched, but you might want to keep an eye on it anyway.