Unity has identified a "major security vulnerability" in its development tool that has existed since 2017

Unity has identified a significant security flaw in its development tool impacting games created with its software since 2017.

This issue, detailed in a CVE analysis, suggests that if a game was built with a compromised Unity Editor version, an attacker could potentially execute malicious code and access private information on the device running the game.

The security concern affects titles operating on Android, Windows, Linux, and macOS systems.

Unity's director of community and advocacy, Larry Hryb, communicated in a blog entry that there have been no known exploits of this vulnerability, nor any damage to users or customers.

"Fixes addressing the issue have been proactively distributed and are accessible to all developers," he mentioned.

The vulnerability was responsibly disclosed by security researcher RyotaK, for which Unity has expressed gratitude.

Unity responded by issuing updates across all significant and minor Unity Editor versions from Unity 2019.1 onward. Additionally, a binary patcher is available to correct applications built as far back as 2017.1.

Developers who utilized Unity 2017.1 or later to build games or apps for Windows, Android, or macOS are advised to review Unity’s guidance to ensure user safety.

Hryb recommends downloading the updated Unity Editor version, recompiling, and reissuing applications to mitigate risk.

Users are encouraged to maintain up-to-date devices and applications, activate automatic updates, and keep their antivirus software current.

Outside of Unity's efforts, Microsoft Defender has also been updated to identify and block the vulnerability.

Valve has rolled out an update to integrate extra security measures for the Steam client.

Following these developments, some developers have reacted to the security vulnerability, with companies like Obsidian removing certain games from digital stores.