A security vulnerability in the Windows version of Electronic Arts’ Origin client allows hackers to run code with the same privileges as the logged-in user.
The online gaming platform, which is available on Windows and macOS to download and launch EA’s games, uses its very own origin:// protocol in browsers to directly load games.
Security researchers Daley Bee and Dominik Penner of Underdog Security, discovered a way to abuse this system and run pretty much any app on a compromised host.
In a demo for TechCrunch, the two researchers launched the built-in Calculator app after a malicious page was loaded on the target computer.
The links, which can be sent to victims through a variety of methods, including emails and instant messaging, could download PowerShell scripts that then open the doors for various malicious payloads which can technically provide hackers with full contro… (read more)
Source: Latest News