EASEC-2020-003 - Cross Site Scripting Vulnerability in Origin Client

Affected Software: Origin for Mac & PC version 10.5.86 (or earlier)

A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary JavaScript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.

To successfully leverage the vulnerability, the attacker must log into the Origin Client using a valid Origin account, and use Origin’s text chat functionality to send a specially crafted text chat message to the affected system. The crafted message contains a JavaScript payload that will execute in the Origin Client when the client next starts. If the message is delivered, and the system is not running the Origin Client at that time, the payload will execute when the user next runs the Origin Client. If the user is already running the Origin client when the message is delivered, the payload will not execute immediately. The attacker must wait for the user to restart the Origin Client, or otherwise convince the user to restart their Origin Client.

Mitigations describe factors that limit the likelihood or impact of an attacker successfully leveraging the vulnerability. The payload sent by the attacker to the affected system will only be executed when Origin starts on the target user’s system. If Origin is already running on the target system, the attacker must convince the target user to restart their Origin client, or wait for the user to restart their Origin client. An attacker can only send text chat messages to a specific user if the user is on the attacker’s friends list. To attack an arbitrary Origin user that is not on their friends list, the attacker must first convince the user to accept an Origin friend request.

Workarounds are steps EA customers can take to reduce the potential for an attacker to leverage the vulnerability if they cannot or choose not to install the update. There are no workarounds for this vulnerability. To address the vulnerability, players should follow the steps outlined in the Resolution section of this advisory.

To address the vulnerability, players with Administrator rights are advised to install the latest version of the Origin Client, version 10.5.87. On the next player login, the player will be required to update before entering their credentials. If they are already logged in, they will need to restart Origin to get the update.

Issue severity is based on a 4-point scale ranging from Critical to Low. As part of our investigation, security engineers determine the overall ease of exploitation and how an attacker would need to successfully exploit the vulnerability. Typically, the fewer barriers that exist to exploitation combined with a higher Security Impact, the higher the Issue Severity designation. More information about how we classify security impact and severity can be found here.

The vulnerability is caused by the method used to render text chat messages by the Origin Client’s web browser.
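
The advisory attributes the flaw to how the client's embedded browser renders text chat messages, without publishing the rendering code. The following added example (not EA's code; every function name and the sample messages are hypothetical and constructed) shows the general defect class, message text interpolated into HTML when queued chat history is rendered at startup, next to an output-encoded renderer and a regression check that flags any markup outside the fixed template.

```javascript
// Added illustration of the defect class; hypothetical names, not the Origin Client's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: sender-controlled text is placed into markup unchanged.
function renderMessageUnsafe(msg) {
  return `<li class="chat-msg"><b>${msg.from}</b>: ${msg.body}</li>`;
}

// Hardened pattern: every sender-controlled field is encoded before insertion.
function renderMessageSafe(msg) {
  return `<li class="chat-msg"><b>${escapeHtml(msg.from)}</b>: ${escapeHtml(msg.body)}</li>`;
}

// Messages delivered while the client was offline are rendered in one pass
// when the client next starts, which is when stored markup would be parsed.
function renderHistoryOnStartup(queued, render) {
  return `<ul id="chat">${queued.map(render).join('')}</ul>`;
}

// Regression check: return every tag in the output that is not part of the
// renderer's own template (ul/li/b with a plain id or class attribute).
function findInjectedMarkup(html) {
  const allowed = /^<\/?(ul|li|b)(\s+(id|class)="[\w-]+")?>$/;
  return (html.match(/<[^>]*>/g) || []).filter((tag) => !allowed.test(tag));
}

// Constructed sample queue: one ordinary message, one carrying markup.
const queued = [
  { from: 'friend01', body: 'gg, rematch later?' },
  { from: 'friend02', body: '<img src=x onerror="console.log(1)">' },
];

const unsafeHtml = renderHistoryOnStartup(queued, renderMessageUnsafe);
const safeHtml = renderHistoryOnStartup(queued, renderMessageSafe);
console.log('unsafe renderer, injected tags:', findInjectedMarkup(unsafeHtml));
console.log('safe renderer, injected tags:  ', findInjectedMarkup(safeHtml));
```

Running `findInjectedMarkup` over rendered output in a test suite catches a renderer that regresses to raw interpolation, independent of which encoding routine is in use.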