Unity has formally disclosed a security vulnerability that affects games and applications developed with its engine, with implications dating back to 2017.

While the company says there is no evidence of active exploitation or user impact, it is urging developers to take immediate action to patch their projects.

According to Unity’s post by Larry Hryb (aka “Major Nelson”), the flaw affects titles built with Unity 2017.1 or later for Windows, Android, and macOS. The company has already released fixes, and major platform partners have rolled out additional protections. Valve updated Steam with new mitigations, Microsoft Defender now detects and blocks the vulnerability on Windows, and Google and Meta have taken further steps. Unity confirmed that iOS, visionOS, tvOS, Xbox, Nintendo Switch, PlayStation, UWP, Quest, and WebGL are not impacted.

The severity of the issue is underscored by developer responses. Obsidian temporarily pulled several titles from digital storefronts, including Grounded 2 Founders Edition, Avowed Premium Edition, Pillars of Eternity: Hero Edition, Pillars of Eternity II: Deadfire, and Pentiment, until security updates are applied. Other games, such as Marvel Snap, No Rest for the Wicked, Ingress, and Fate/Grand Order, have already received patches, while Atlus announced Persona 5: The Phantom X will be updated.

The CVE record for the vulnerability warns that applications built with vulnerable Unity Runtime code could allow attackers to execute arbitrary code and steal sensitive information from affected machines. Developers are strongly advised to update their projects immediately to prevent potential risks.

