News

Vulnerability in EA Origin client allows intruders to control gamers’ PCs

For convenience of millions of users Origin supports URL that begins with «origin://».

Such links make possible to open application quickly and download a game, following a simple link from the website.

Researchers of Undergo Security found that using this bag intruders could make links “origin://../malware”, that would enable attackers to use any application with the rights of current user.

“An attacker could’ve ran anything they wanted,” – argue Underdog Security experts.

Specialists explain that potential cybercriminals could also transit PowerShell commands to vulnerable PC, in this way loading in system additional malware and installing it.

Malware origin:// link could be sent user in a letter or published on intruders’ web-page. In combination with XSS-vulnerability exploit could also work independently, without victim’s participation.

Moreover, bug allowed abduction of tokens from users’ accounts with the use of simple one-line code. As a result, criminals got access to user’s account without a password.


‘Popping calc’ to demonstrate a remote code execution bug in Origin

EA developers already eliminated this problem; update for vulnerability issued on Monday, April 15, 2019.

Source: https://techcrunch.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Re-captha-version-4-21.buzz Pop-up Ads

About Re-captha-version-4-21.buzz Re-captha-version-4-21.buzz pop-ups can not launch out of the blue. If you have actually…

4 hours ago

Remove Eliteadblocker.net Pop-up Ads

About Eliteadblocker.net Eliteadblocker.net pop-ups can not expose out of the blue. If you have clicked…

9 hours ago

Remove News-xzexivu.info Pop-up Ads

About News-xzexivu.info News-xzexivu.info pop-ups can not introduce out of the blue. If you have actually…

11 hours ago

Remove Linkbtrads.top Pop-up Ads

About Linkbtrads.top Linkbtrads.top pop-ups can not expose out of nowhere. If you have actually clicked…

11 hours ago

Remove News-xzekevu.xyz Pop-up Ads

About News-xzekevu.xyz News-xzekevu.xyz pop-ups can not introduce out of the blue. If you have actually…

11 hours ago

Remove News-xzurufo.xyz Pop-up Ads

About News-xzurufo.xyz News-xzurufo.xyz pop-ups can not introduce out of the blue. If you have clicked…

11 hours ago