Unity vulnerability patched, devs advised to update all games running the engine

Unity has issued a patch to fix a high-level vulnerability and is advising all game developers to update their games with the latest solution.

2

Back in June, a severe-level security vulnerability was found in older versions of Unity. Games that were made in Unity 2017.1 or below are affected by the weak spot and Unity is advising all devs update their applications with the latest patch fix. The vulnerability affected Windows, Mac, Android, and iOS. Unity is one of the most popular video games engines, and a sizable portion of the top mobile games--including Call of Duty Mobile and Pokemon Go--are built on Unity.

"Applications that were built using affected versions of the Unity Editor are susceptible to an unsafe file loading and local file inclusion attack depending on the operating system, which could enable local code execution or information disclosure at the privilege level of the vulnerable application," the company wrote in its advisory post.

Unity was careful to say that no actual consumers were affected by the issue:

"There is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers. Unity has provided fixes that address the vulnerability and they are already available to all developers."

If exploited, the vulnerability could basically tap into your files and also launch outside code, opening users up to a whole host of unwanted possibilities.

"Vulnerability could allow local code execution and access to confidential information on end user devices running Unity-built applications. Code execution would be confined to the privilege level of the vulnerable application, and information disclosure would be confined to the information available to the vulnerable application."