Bug in EA’s Origin client left gamers open to attacks


The gaming company has rolled out a fix for the remote code execution vulnerability, so make sure you run the platform’s latest version.

Electronic Arts (EA) has fixed a security flaw in the Windows version of its gaming client Origin that allowed attackers to remotely execute code on an affected computer.

The vulnerability was discovered by Dominik Penner and Daley Bee of Underdog Security, who also created and shared proof-of-concept code with TechCrunch.

The demo shows how Origin could be tricked to pop open the built-in Windows Calculator app. That said, the exploit could be deployed to launch any app and with the same level of privileges as the user. Worse, combined with PowerShell commands, an attacker could execute various malicious payloads on the victim’s machine, according the research duo.

The exploit takes advantage of Origin’s URL scheme that, as TechCrunch notes, “allows gamers to open the app and load a game from a web page by clicking a link with origin:// in the address”.

In their demonstration, the researchers click a malicious link. However, in some cases the victim doesn’t even need to click anything. This is because the link can also be triggered “if the malicious code was combined with a cross-site scripting exploit that ran automatically in the browser”.

The loophole can also be exploited to break into gamers’ accounts, as it makes it possible to steal a gamer’s account access token using a single line of code.

It’s unclear if any gamers were actually attacked using the flaw, for which an update was rolled out on Monday.

The Origin app on Windows is used by tens of millions of gamers. Origin’s macOS client was not affected by this vulnerability.

written by Tomas Foltyn, ESET We Live Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s