Origin exploit discovered, allows EA store to launch malicious code

EA's online game store Origin has been hacked to run malicious code.

The exploit was discovered by third-party security company ReVuln while running tests on the software.

It allows a malicious user to swap links that launch already-downloaded games with those for alternatives.

There's no evidence the loophole has yet been identified or exploited by anyone else, BBC News reported.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper identifying the issue.

"In other words, an attacker can craft a malicious internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

ReVuln has published a more detailed explanation of how someone could manipulate the code, along with information on what EA should do to combat it.

In the meantime, players can avoid the issue by launching Origin games directly through the service, rather than letting them load via desktop shortcuts.

EA has said it is "investigating" the vulnerability.

News of the security thread comes at a torrid time for EA. Company boss John Riccitiello announced his departure last night after weaker-than-expected financial results and a fortnight of embarrassment surrounding the launch of SimCity.