LogIn"There is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers."
Last week, Unity disclosed a security vulnerability impacting games built with engine versions going all the way back to 2017.1. This flaw affects multiple operating systems, including Android, Windows, Linux, and macOS.
Although the company states there is no evidence of the vulnerability being exploited or affecting users or customers, developers are urged to take action if they have created and released a game or application using Unity 2017.1 or later.
The vulnerability was originally discovered and reported by security researcher RyotaK on June 4, but has only been patched now. According to the description, "applications that were built using affected versions of the Unity Editor are susceptible to an unsafe file loading and local file inclusion attack, depending on the operating system, which could enable local code execution or information disclosure at the privilege level of the vulnerable application". This means attackers could potentially run harmful code or access sensitive data on devices running vulnerable Unity apps within their usual permissions and access.
Many video game developers have begun rolling out patches, though some games have been temporarily taken down:
And here's a deeper dive into the issue from RyotaK:
If you're a game developer with affected projects, Unity urges you to download the patched update for your Unity Editor version, recompile, and republish your app.
For those who don't want to rebuild everything, there's also a tool available to patch already-built applications from 2017.1 and later on Android, Windows, and macOS.
If your project is still in active development, make sure to download the patched update for your Unity Editor version, available through Unity Hub or the Unity Download Archive, before building and publishing.
Learn more here and join our 80 Level Talent platform and our new Discord server, follow us on Instagram, Twitter, LinkedIn, Telegram, TikTok, and Threads, where we share breakdowns, the latest news, awesome artworks, and more.