Oh boy, is it not a good thing.
EA hasn’t exactly had a great year. And considering that, well things fall through the cracks. Which is mostly why it might be a good idea to update the Origin Client if you use it. Like, now.
Why? Because a security flaw in the Windows version allowed hackers to run or install any application they want on the user’s computer, through means no more complicated than a hyperlink. The flaw was discovered by Daley Bee and Dominik Penner of Underdog Security. The flaw is due to EA’s usage of a custom URL protocol which allowed users to get to a game’s web store by browser instead of the client.
Essentially, all of those “origin://” links were easily tricked into installing malware on a user’s computer. Bee explained that by combining malicious code with a cross-site scripting exploit, hackers could make it so that merely clicking a link could install that malware on a system. And not one for half measures, the Underdog Security team highlighted the flaw by creating a link that opened Windows Calculator when clicked.
The most recent patch for Origin fixes the exploit, though, which is why you should update it posthaste. Only the Windows version was affected by it, though; that said, you should probably update it even if you’re not using Windows. And, most importantly, no one seems to have actually been attacked in the way described above.
Source: Gizmodo
About Author
