Earlier this week, analysts at Underdog Security discovered a vulnerability in EA's Origin game launcher that can allow hackers an opportunity to remotely run a malicious code on a user's system. This flaw affects the PC version of Origin and, according to TechCrunch, Origin uses its own URL system for players to open the app by "clicking a link with origin:// in the address" line. However, the exploit "tricked" Origin into running any app on the user's PC, giving them free access to everything.
Hackers also had the ability to run "malicious PowerShell" commands that can download and install other malware and ransomware on a user's PC.
Bee said a malicious link could be sent as an email or listed on a webpage, but could also be triggered if the malicious code was combined with a cross-site scripting exploit that ran automatically in the browser.
It was also possible to steal a user’s account access token using a single line of code, allowing a hacker to gain access to a user’s account without needing their password.
After reports surfaced regarding the vulnerability, EA pushed out an Origin update and TechCrunch verified it closed the loophole.
Be sure to update Origin to ensure your system is not at risk.
