Ars Technica has details from
a demonstration at the Black Hat Europe 2013 conference showing a remote code execution vulnerability in the client software for
EA's Origin on both Windows and OS X machines. Similar to a
problem identified last year on Valve's
Steam, this involves using a malformed URL to trick clients into executing unauthorized code, and the researches took over a remote computer by exploiting this behavior. They have a follow-up comment on this from EA saying: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."