Ars Technica says the exploit "works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine." The Windows and OS X clients are both affected, and the user's choice of Internet browser doesn't seem to matter. Requiring confirmation before opening Origin links appears to be the only way to keep your system safe at the moment.
I don't want to make excuses for EA, especially given its handling of the disastrous SimCity launch, but Origin isn't the first service to suffer such a security hole. In October, a similar flaw was exposed in Valve's Steam client. That flaw was patched quickly, according to ValveTime, and we haven't heard a peep about it since. This past summer, a security flaw was also discovered in Ubisoft's Uplay software. The software installed a browser plug-in containing a backdoor that allowed remote code execution. Ubisoft patched that vulnerability within a day.
Security flaw found in EA Origin service
Posted on Tuesday, March 19 2013 @ 13:06 CET by Thomas De Maesschalck