EA Play FIFA 23 F1™ 22 Madden NFL 23 Apex Legends Battlefield™ 2042 The Sims 4 Electronic Arts Home Electronics Arts Home Latest Games Coming Soon Free-To-Play EA SPORTS EA Originals Games Library EA app Deals PC PlayStation Xbox Nintendo Switch Mobile Pogo The EA app EA Play Competitive Gaming Playtesting Company Careers News Technology EA Studios EA Partners Our Commitments Positive Play Inclusion & Diversity Social Impact People & Culture Environment Help Forums Player and Parental Tools Accessibility Press Investors Latest Games Coming Soon Free-To-Play EA SPORTS EA Originals Games Library EA app Deals PC PlayStation Xbox Nintendo Switch Mobile Pogo The EA app EA Play Competitive Gaming Playtesting Company Careers News Technology EA Studios EA Partners Our Commitments Positive Play Inclusion & Diversity Social Impact People & Culture Environment Help Forums Player and Parental Tools Accessibility Press Investors

October Origin Security Update

By Adrian Stone, Sr. Director, EA Product Security - Oct 29, 2020

Today, we released an updated version of the Origin client to address two high severity security vulnerabilities. Both issues were reporting confidentially to us through our Product Security Vulnerability Submission Program. At no time was there evidence of either vulnerabilities being used against our customers. If you have already logged into the Origin client, you likely have already been offered the update. It can also be directly downloaded here. Two security advisories have been published with details on the vulnerabilities that were addressed by the update.

The first issue (EASEC-2020-002), was discovered by Xavier Danest - Decathlon & Tom Wilson of Nettitude. This issue allowed a valid user with limited permissions to gain privileged-level access on computers that have Origin installed. If an attacker were to attempt to exploit this vulnerability, they would have needed to log in to the computer with a valid non-Administrator user account and convince an administrative user to run an Origin application with elevated privileges. The administrative user would need to approve a UAC prompt to do this.

This release also resolves a second high severity issue in Origin (EASEC-2020-003), discovered by Ahmed El-Monairy. It’s a cross-site scripting (XSS) vulnerability that could allow a remote attacker to execute arbitrary Javascript against the Origin client’s friend list. An attacker could use this vulnerability to access sensitive data or to control or monitor the targeted friend list member’s Origin text chat window.

We want to thank the security research community for the vulnerability submissions and their positive interactions with us as we work together to protect players and the broader gaming community.

Related News

A Deep Dive on EA anticheat for PC

Electronic Arts Inc.
13/09/2022

Origin & EA Desktop clients Not Impacted by Log4shell Vulnerability

Electronic Arts Inc.
15/12/2021

Origin Security Update in Collaboration with External Security Researchers

Electronic Arts Inc.
10/12/2019
Today an updated version of the Origin client was released to address a previously discovered security vulnerability.