Unity users and creators have been unknowingly sitting atop a security vulnerability for almost a decade.
According to a report from PC Gamer, the company has recently found a security flaw that should be immediately addressed to protect games and applications.
Unity vulnerability — what we know
Although the company has assigned the vulnerability a high severity score, with a CVSS score of 8.4, Unity has also stated that there is no evidence of exploitation or any impact on users or customers.
However, it might still be worth investigating one of the best identity theft solutions, just in case.
The company still advises users and creators to download the patched versions of Unity Hub or the Unity Download Archive, as the vulnerability affects versions 2017.1 and later, meaning it will be present across Android, Windows, Linux and macOS operating systems.
The vulnerability was discovered on June 4th, and patched on October 2nd, but as it affects version 2017.1 it has existed for eight years. It causes users to be “susceptible to an unsafe file loading and local file inclusion attack depending on the operating system.” This essentially means that a hacker or threat actor could enable local code execution to grab information at a privilege level of a vulnerable application.
Android apps can rely on the built-in malware scanning and security features to pick up any affected software. Microsoft Defender has received an update that can detect and block this vulnerability.
Valve has said it is adding additional protections against the vulnerability as well. Those who do not wish to rebuild projects can look for Unity’s published tool that will patch applications on Android, Windows and macOS though it does not work on Linux or on builds that contain tamper-proofing or anti-cheat measures.
More from Tom's Guide
- Mandatory age verification is now going live in Ohio — here's what it means for users
- Lost or stolen phone? 7 essential steps to protect Your data
- Neon app that sold recorded phone calls for AI training is now offline after a security flaw exposed all of its users' data
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
