Unity Uncovers Significant Security Flaw in Development Tool Used Since 2017

Unity has identified a major security vulnerability in its development tool that affects games created with it since 2017. According to a Common Vulnerabilities and Exposures (CVE) analysis, an adversary could potentially execute code and extract sensitive information from the machine running an application built with a vulnerable version of the Unity Editor. The issue affects games developed for various operating systems, including Android, Windows, Linux, and macOS.

In a blog post, Unity's director of community and advocacy, Larry Hryb, stated that despite the vulnerability's severity, there is no evidence it has been exploited, and users and customers have not been impacted.

Unity has proactively provided fixes for the vulnerability, which are now available to all developers. The company has released updates for major and minor versions of the Unity Editor starting from Unity 2019.1, as well as a binary patcher for applications built since 2017.1.

Developers who have created games or applications using Unity 2017.1 or later for Windows, Android, or macOS are advised to review Unity's guidance to ensure user safety. Recommendations include downloading the patched update, recompiling, and republishing the application, as well as advising users to keep their devices and applications updated and to use current antivirus software.

In response to the issue, Microsoft has updated its Defender to detect and block the vulnerability, and Valve has issued an update for its platform with additional protections for the Steam client. Some developers, such as Obsidian, have taken steps like removing games from digital storefronts in light of the security issue.