Urgent Unity Security Update Required for All Games

A critical security vulnerability has been identified in Unity, requiring all developers who have released games or applications using Unity 2017.1 or later for Windows, Android, or macOS to apply an immediate update. Unity has already made fixes available, and while there is no current evidence of the vulnerability being exploited or impacting users, the company strongly advises taking prompt action to prevent potential risks.

Larry Hryb, also known as Major Nelson, confirmed that Unity’s platform partners have implemented additional security measures to protect end users. Valve, for example, has released an updated version of Steam that includes mitigations for the exploit. Microsoft Defender for Windows has also been updated to detect and block the vulnerability, while Google and Meta have taken their own protective steps. According to Hryb, there are no indications that the vulnerability affects iOS, visionOS, tvOS, Xbox, Nintendo Switch, PlayStation, UWP, Quest, or WebGL platforms.

The Common Vulnerabilities and Exposures (CVE) record explains that applications built with a vulnerable version of the Unity Editor could allow an adversary to execute malicious code and exfiltrate confidential information from the machine running the application. This makes it essential for developers to verify their build versions and apply the necessary patches without delay.

Developers are urged to review their projects and ensure they are using the latest secure versions of Unity to safeguard both their work and their users. Taking these precautions helps maintain trust and security across the gaming and software ecosystem.

(Source: The Verge)