Take heed before you click that shady hyperlink–security researchers have found an exploit in Origin’s remote-launching capabilities which would let attackers to run malicious code on user’s systems. The presentation last week, reported by Ars Technica, illustrated how Origin’s uniform resource identifiers can be exploited.
“[A]n attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed,” the researchers wrote in an accompanying paper.
These URIs are used to let websites and client-side programs interact, so in this case a website can launch a game on a client’s computer. But those links can be used for nefarious purposes, as well–assuming the malicious bit of software is already there on the computer, awaiting activation.
Electronic Arts responded to Ars Technica, saying “our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.” For what it’s worth, a similar flaw was discovered with Steam’s URI system last year and we haven’t heard of any epidemics yet.