Electronic Arts closes leak in Origin that could open programs
EA has patched a vulnerability in game platform Origin that could allow code to run on users’ systems. Security researchers found a way to access other programs through Origin, including PowerShell.
That reports TechCrunch, which spoke with the researchers. The leak has since been fixed, the update for it was rolled out on Monday. The bug was only in the Windows version, the variant for macOS was not affected.
The leak was in the ability to access Origin applications through web pages. Such URLs start with origin://. The researchers found a way to exploit that so that they could open any program on the victim’s computer. All they had to do was make sure that a user clicks on the relevant link. The researchers also say that it was possible to open such URLs through cross-site scripting.
Attackers could also open PowerShell that way and gain extensive access to the system. The bug allowed attackers to access with the same privileges as a logged-in user. Also, according to the researchers, attackers could gain access to the user’s account without needing the password.