We have released a new patch for Uplay PC, which will update your client to version 2.0.4. This patch corrects a flaw in the browser plug-in that was brought to our attention earlier today. We recommend that you update your Uplay PC following the instructions below. We're sorry for the inconvenience this has caused.
The browser plug-in that we used to launch the application through uplay.com was able to take command line arguments that developers used to launch their games while they're being made. This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.
The issue was brought to our attention early Monday morning and we had a fix into our QC department an hour and a half later. An automatic patch was launched that fixes the browser plug-in so that it will only open the Uplay application. Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
To update your Uplay client and apply the patch:
1. Close any open web browsers (Internet Explorer, Firefox, Chrome, Opera, etc.). If the web browser is open during the patch it will need to be restarted once the Uplay client ah.
2. Launch the Uplay PC client. The Uplay PC client update will start automatically.
An updated version of the Uplay PC installer is also available to download from uplay.com.
It's time for us legal buyers to take consequences and say good bye UBI.
This is a perfect example why launcher concepts and DRM measures are an impertinence for all people who BUY a game LEGALLY!
UBI are just carrying things too far. And to make it worse they think they are on the right side...
So far, i had more problems with the legit titles, than the pirated ones.
For heroes of might and magic vi i'm still in doubt if i should use the reloaded version... had less problems with that one before i bought it legal...
problems with legal version of Heroes VI:
- Save games gone after uplay update
- Uplay authentication servers down during steam sales.
- DRM issues that allow hackers to execute programs through html code.
- Always Online requirement to be able to do all quests and have dynasty stuff
advantages reloaded version:
- Full offline play enabled
- No DRM issues
- No Always online issues
- Local Save Games that won't dissapear.
Ubisoft and EA are the root of evil when it comes to extreme drm measures....
This is a pretty serious matter that could even be construed as criminal negligence on Ubisoft part. I have some question for Ubisoft:
How long was this problem active before it was reported and Ubisoft did something about it.
Just what procedures are Ubisoft taking to make sure that this sort of thing will not happen again.
What kind of compensation are Ubisoft going to offer to the people that have been effected by this very serious and inexcusable mistake.
What has happened to the people responsible for this serious breach to Ubisofts customers security, as it is such a serious matter perhaps these people should even be losing their jobs over this.
Ubisoft need to step up and take full responsibility for this as it is of their own doing, it is so serious perhaps there should even be some sort of criminal investigation being launched over it. Just Ubisoft saying we are sorry and we have taking care of the problem is just not good enough, there has to be some kind of punishment over this, one that is as serious as the initial offense, so that Ubisoft will think twice before doing it again.
Ubifail is bullshiitingting us for over 2 years now! U just realized that yesterday?
they dont give a shiit about their customers! "they are all pirates" ^^ remember that?
just play the releases of reloaded, skidrow and razor and u ll have no props
Huh, I see the word "fix" in the title, but no where in the body of the OP do I read of any fix. What I see is plugging up that consistently leaky pipe in the wall with bubblegum. A fix would be to remove the Uplay client completely. It's unnecessary, unreliable, untrustworthy and nothing more nor less than a hindrance to paying customers, you know, that group of us that hasn't been smart enough to just pirate all of your PC releases yet.
Furthermore, why does Uplay need browser plug-ins, actually let me rephrase that, why were useless browser plug-ins installed on my PC, silently, in the first place? Disabling them does not hinder the Uplay client in the slightest, yet there they are, useless, a constant possible threat (remember, you're untrustworthy), and no uninstall button to be found. Steam doesn't use them, Origin doesn't use them, Good Old Games doesn't utilize them, Green Man Gaming doesn't use them, Impulse doesn't need them, why in the hell do you? Can't you do what you feel needs to be done in one, invasive, untrustworthy program to begin with?
We spend in the low end roughly $800 and on the higher end in upwards of $3,000 for our machines, have you no respect for our property, our security? I know you have no respect for the fact that we feed, cloth, and put a roof over your families, so I guess the jokes on me for thinking that question would end up well in my favor.
Anyway, having to utilize the Uplay client is an official no sale point in my book. Any title moving forward that keeps up using Uplay instead of Steam or other, more reliable programs, hell, even Origin would work, then I'll save my money, which I have plenty of ripe for the taking if you want it, for someone who actually wants my business. That said, don't think for a second I'm going to be skipping your titles. Any titles I currently have; SC: Conviction and AC: Revelations will be cracked, Uplay will be uninstalled, and moving forward I'll act exactly according to how you treat me, either way is fine with me, it's your choice.
Have a good one bubblegum plumbers and the next time you tuck your little kiddo into bed, curl up on your couch with the lover/spouse, or eat a nice meal, remember who it is that funds the checks you cash to make it all possible.
Last edited by XI_Strid_IX; 07-31-2012 at 03:00 PM.
There is no info nor question while installing Uplay about adding any "plugin" nor messing with any other software.
Every other installer all over the world ASKS if we want to install a plugin to something or not. If it doesn't ask, it's probably a malicious software. Just like in this case. If it wasn't deliberate, then uplay installer wouldn't hide the fact it's installing some "plugin".
I've disabled your plugins in my browsers. If you want to make your own browser with a "plugin", please make it. But I want my browser clean and without any 3rd party "additions".
Hopefully Mozilla will blacklist this plugin because installing it is not an option but is installed secretly so users don't even know it's there, lurking. For all I know, it might be sniffing my credit card data. Yea, you'll say it doesn't do that, sorry but I was already bitten by a snake and I'm not happy when I see any common lizzard now.
In the meantime, I just want to share with other customers the fact that HoMM6 works flawlessly with only Uplay running while those plugins, plugins that only Ubisoft knows why they exist in the first place, are disabled.
Last edited by JoxerTheMigthy; 07-31-2012 at 03:51 PM.
I have another question that no doubt Ubisoft will not reply to:
Why has there not been any kind of communication sent out to Ubisoft customers warning them about this problem. As soon as it was made apparent to Ubisoft there should have been a massive email shoot sent out to every single Ubisoft customer warning them about the problem and telling them how to solve it. Just the point that there has not been any communication from Ubisoft, just shows how much contempt they have for their customers. Just how many computers are out there still vulnerable and open to attack due to Ubisofts incompetence, that's the incompetence in not being able to communicate and send out warning emails, not the original incompetence.
So far, any problems I've had with Ubisoft games are all because of UPlay. It's completely unnecessary and just causes issues for paying customers. After half my Ubisoft games were bought via Steam, which does precisely what UPlay fails miserably at and does it without being intrusive or automatically assuming I'm a filthy criminal, UPlay is doubly obsolete.
If I'd just pirated the games I'd have none of these problems. It's pathetic. I'm glad I picked up the Assassin's Creed series for a song on Steam, because I'm never spending another penny on anything requiring UPlay.