Games using version 2017.1 or later need to be patched.
Any game or application using Unity version 2017.1 or later has a highly severe security vulnerability that will need “immediate action” to be patched out.
The vulnerability was first discovered in June of this year, and means that users were “susceptible to an unsafe file loading and local file inclusion attack depending on the operating system.” Those who would exploit the vulnerability could execute local code or grab info at “the privilege level of the vulnerable application”.
Last week, Unity advised that developers will need to patch existing games and applications built using 2017.1 or later, and update their version of the Unity Editor when it comes to creating new games and applications.
While the tools will work for most existing games and applications, those that use tamper-proofing or anti-cheat solutions will need to, “rebuild your project with the patched update for your version of the Unity Editor and redeploy to maintain these protections,” Unity advised. “Patching your existing application isn’t possible because it will trip the tamper protection.”
Unity was careful to point out that despite the vulnerability being very severe — earning a CVSS score of 8.4 out of a possible 10 — “there is no evidence of any exploitation of the vulnerability nor has there been any impact on users or customers.”
Developers needing to access Unity’s new tools can do so here.
This article may contain affiliate links, meaning we could earn a small commission if you click-through and make a purchase. Stevivor is an independent outlet and our journalism is in no way influenced by any advertiser or commercial initiative.
