UPlay patch 2.0.4 fixes security flaw, Ubisoft issues statement
Ubisoft has released a patch 2.0.4 which appears to address the security flaw found in the company's UPlay client.
Brought to our attention earlier today from programmer Tavis Ormandy, the UPlay client contained a vulnerability that could allow malicious websites to take control of your PC via a browser plugin. The vulnerability appeared to have affected anyone with key Ubisoft games installed, including several Assassin's Creed titles, Splinter Cell: Conviction, and Ghost Recon: Future Soldier.
Rest easy; Ubisoft has since fixed the security flaw. As per patch notes, the version 2.0.4 contains the "fix addressing browser plugin. Plugin now only able to open Uplay application".
In addition, Ubisoft has also issued a statement to UPlay users who may be wary of the application:
We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.
Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.
Running the client should allow it to update in order to close the loophole.