Instant Play: YYG Vulnerability
November 21, 2008
Go back a couple of years and the standard answer to “how to I get my game to work online?” was, “you don’t”. However in the present day you would probably be greeted with a variety of options. Think YoYo Games’ Instant Play, GMBed, GMX, GMArcade and YAIPP.
These are the better known of the many pseudo-Instant Play implementations (so-called because they perform similar actions to the Instant Play feature first seen on the YoYo Games website).
James Rhodes, the creator of the Yet Another Instant Play Plugin, today revealed that a vulnerability exists within YoYo Games Instant Play enabling any game uploaded to the YoYo Games website to secretly install a plugin for the FireFox browser. The exploit can be seen in action in this example James created and uploaded to the website.
Once the plugin is installed and the user navigates to any game page on the YoYo Games website the application is automatically launched.
Over the coming week GameMaker Blog will feature several posts relating to the various “Instant Play” implementations available.