Unity Technologies is calling on developers to take prompt steps to address a significant security flaw found in games created with its development platform from as far back as 2017. Despite the absence of reported exploitation or user impact, the company has made emergency fixes available. Larry Hryb, widely known as “Major Nelson,” conveyed this information in a community post.
Developers who have released games or applications using Unity version 2017.1 or later on Windows, Android, or macOS should take immediate action, Hryb advised. He also mentioned that Unity’s platform partners are actively enhancing their systems to safeguard end users.
Valve has already issued an updated version of Steam that integrates measures to mitigate the newly discovered exploit. In addition, updates to Microsoft Defender for Windows are in place to detect and prevent any potential intrusions linked to the vulnerability. Google and Meta have also implemented protective measures, according to Hryb. Notably, there have been no findings indicating that the vulnerability affects iOS, visionOS, tvOS, Xbox, Nintendo Switch, PlayStation, UWP, Quest, or WebGL platforms.
The Common Vulnerabilities and Exposures (CVE) registry highlights that applications developed with vulnerable versions of the Unity Editor could allow an attacker to execute unauthorized code and potentially extract sensitive information from the host machine.
