Developers who have created their games using Unity have been warned to patch them as soon as possible following the discovery of a security vulnerability in Unity versions 2017.1 and later.
In a statement, Unity said a “security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems”, but insisted “there is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.”
“We have proactively provided fixes that address the vulnerability, and they are already available to all developers,” Unity continued. “The vulnerability was responsibly reported by the security researcher RyotaK, and we thank him for working with us.”
The company added that it has now released an update for each of the major and minor versions of the Unity Editor, starting with Unity 2019.1, and a binary patcher to patch already-built applications dating back to 2017.1. It also warned developers that “it is imperative that you review [its] guidance to ensure the continued safety of your users”.
As spotted by VGC, the news resulted in some developers temporarily pulling their games from sale as they work over the weekend to get the patch implemented as soon as possible, including Obsidian, which removed a number of games from digital stores while it worked on the updates.
“Unity is dedicated to the security and integrity of our platform, our customers, and the wider community,” Unity concluded. “Transparent communication is central to this commitment, and we will continue to provide updates as necessary.”
