Breaking News

RCE flaw in Electronic Arts Origin client exposes gamers to hack

Electronic Arts (EA) has fixed a security issue in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer.

Electronic Arts (EA) has addressed a vulnerability in the Windows version of its gaming client Origin that allowed hackers to remotely execute code on an affected computer.

Electronic Arts already released a security patch for the remote code execution vulnerability. The Origin app on Windows is used by tens of millions of gamers. The Origin client for macOS was not affected by this flaw.

The flaw was reported by security experts Dominik Penner and Daley Bee from Underdog Security.

“We located a client-sided template injection, where we proceeded to use an AngularJS sandbox escape and achieve RCE by communicating with QtApplication’s QDesktopServices.” reads a blog post published by
Underdog Security.

“To make it easier to access an individual game’s store from the web, the client has its own URL scheme that allows gamers to open the app and load a game from a web page by clicking a link with origin:// in the address.” reported Techcrunch.

“But two security researchers, Daley Bee and Dominik Penner of Underdog Security, found that the app could be tricked into running any app on the victim’s computer.”

The experts shared a proof-of-concept code with Techcrunch to trigger the issue.

Researchers pointed out that the code allowed any app to run at the same level of privileges as the logged-in user. In the following image, the security duo popped open the Windows calculator remotely.

Electronic Arts Origin client

“But worse, a hacker could send malicious PowerShell commands, an in-built app often used by attackers to download additional malicious components and install ransomware.” continues the post.

An attacker could craft a malicious link and send it via email to the victims or include it on a webpage, the issue could also be triggered if the malicious code was combined with cross-site scripting exploit that ran automatically in the browser.

The flaw can also be exploited by an attacker to take over gamers’ accounts by stealing access token with just a single line of code.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Electronic Arts)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New Triada Trojan comes preinstalled on Android devices<gwmw style="display:none;"></gwmw>

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn…

2 hours ago

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access…

10 hours ago

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited…

18 hours ago

Apple backported fixes for three actively exploited flaws to older devices

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models.…

23 hours ago

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats

Hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted…

24 hours ago

Microsoft warns of critical flaw in Canon printer drivers

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.  Researchers…

2 days ago