Allows malicious users to craft booby-trapped links for executing on Origin user’s computer.
Researchers from Malta-based ReVuln recently demonstrated at the Black hate security conference in Amsterdam this past Friday just how easy it is for some one to use the uniform resource identifiers on Origin, EA’s premier digital platform and online store, to start games on end user machines.
Essentially, by exploiting these flaws, that some one could use Origin to install malware on users’ computers.
Along with the demo, ReVuln researchers Donato Ferrante and Luigi Auriemma wrote an accompanying paper, stating, “The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism. In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed.”
An update from EA states “Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.”
A similar attack was used for Valve’s Steam, which consisted of malicious links with “Steam://” that could be used to execute code which systems may find safe.