Electronic Arts Inc. has quickly updated its Origin gaming client after security researchers discovered a vulnerability that could be easily exploited by hackers.

Detailed by TechCrunch today, the vulnerability relates to how Origin, a client used to install EA games, used a specific address, “origin://,” to download and install a game.

The researchers found that they could trigger Origin to load anything, not just EA games. In one example, they had Original install Windows Calculator, innocuous software in itself but apparently a popular demonstration for hackers to show how they can run code remotely on a given computer.

With this ability, a hacker could then run PowerShell commands, commands in Windows for administration tasks and automation, to download additional malicious software.

Tricking users into clicking on malicious software that would install in Origin is as simple as providing a link in an email or on a website as well. Using a malicious link, it would also, in theory, be possible to steal a user’s account token using a single line of code.

The good news is that EA released a new version of the Origin client for Windows that addresses the vulnerability on Monday, however, users are required to download it. The vulnerability did not affect macOS users.

There are no reports of the vulnerability being exploited in the wild, but now that the details have been published, there’s a risk that a hacker somewhere may try to do so, targeting those who have not updated their Origin installation.

The news comes at a difficult time for EA after the company announced late last month that 350 staff would be laid off as it continues to face a highly competitive market.

Image: EA