Unity, a leading game engine company, has recently discovered a security vulnerability that has been sitting dormant for almost a decade. The good news is that there's no evidence of any exploitation or impact on users or customers. However, it's crucial to take immediate action to protect your games and apps.
The vulnerability affects Unity versions 2017.1 and later, across Android, Windows, Linux, and macOS operating systems. Discovered in June this year and patched in October, the issue allows for unsafe file loading and local file inclusion attacks, depending on the operating system. This could lead to local code execution or information theft at the privilege level of the vulnerable application.
With a high severity score of 8.4 (out of 10), Unity strongly recommends that developers recompile and republish their applications using a patched release of version 2017.1 or later. If you're not ready to rebuild your projects, Unity has released a tool that patches already-built applications on Android, Windows, and macOS. However, this tool doesn't work with builds featuring tamper-proofing or anti-cheat measures, nor does it support Linux.
Linux users should rebuild their applications using a patched Unity Editor to remove vulnerable code paths. Developers using Unity should also tell their users to keep devices and applications up to date, because anyone still running an old version could be vulnerable.
In summary, this vulnerability has been present in Unity versions 2017.1 and later for almost eight years. To ensure the security of your games and apps, take immediate action by updating your software or using Unity's patching tool.