Unity has identified a "significant security vulnerability" in its development tool, with origins traced back to 2017
A critical security flaw has been identified within games developed using Unity's toolset since 2017.
Findings from a Common Vulnerabilities and Exposures (CVE) assessment indicate that if an application was created with a Unity Editor version containing the flawed Unity Runtime code, it allows potential attackers to run code and possibly extract sensitive data from the host computer.
This flaw impacts games made for Android, Windows, Linux, and macOS platforms.
Larry Hryb, Unity's director of community and advocacy, emphasized in a blog announcement that there have been no known exploitations of the vulnerability or any adverse effects on users.
He confirmed that corrective actions to resolve the issue have been taken and updates are already accessible to developers.
The vulnerability was ethically disclosed by security researcher RyotaK, and Unity expressed appreciation for the collaboration.
To mitigate the issue, Unity has deployed updates for all major and minor versions of the Unity Editor from Unity 2019.1 onwards.
Furthermore, Unity issued a binary patcher to mend pre-built applications starting from version 2017.1.
Developers who published applications or games using Unity 2017.1 or newer for Windows, Android, or macOS are advised to check Unity's guidance to ensure the protection of their users.
Hryb strongly advises downloading the updated versions of the Unity Editor, recompiling, and republishing applications.
Additionally, users should be encouraged to keep devices and applications current, enable automatic updates, and use updated antivirus protection.
Beyond Unity, Microsoft has updated its Defender software to recognize and prevent this vulnerability.
Valve has also updated its platform to bolster security for its Steam client.
Following the security alert, developers have acted in response. For instance, Obsidian removed certain games from online stores as a precautionary measure.