{"id":472539,"date":"2025-10-04T02:12:14","date_gmt":"2025-10-04T02:12:14","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/472539\/"},"modified":"2025-10-04T02:12:14","modified_gmt":"2025-10-04T02:12:14","slug":"unity-discloses-a-years-old-security-exploit-and-urges-developers-to-update-their-games","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/472539\/","title":{"rendered":"Unity discloses a years-old security exploit and urges developers to update their games"},"content":{"rendered":"<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Unity is urging developers to take \u201cimmediate action\u201d after it disclosed a major security vulnerability affecting games built using versions of its popular development tool dating back to 2017. While there is \u201cno evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers,\u201d Unity already has fixes available to developers, <a href=\"https:\/\/discussions.unity.com\/t\/unity-platform-protection-take-immediate-action-to-protect-your-games-and-apps\/1688031\" target=\"_blank\" rel=\"noopener\">according to a post from Larry Hryb<\/a>, aka \u201cMajor Nelson.\u201d<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Specifically, developers need to take action if \u201cyou have developed and released a game or application using Unity 2017.1 or later for Windows, Android, or macOS,\u201d Hryb says. Unity\u2019s \u201cplatform partners\u201d have also \u201ctaken further steps to secure their platforms and protect end users.\u201d<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Valve already released <a href=\"https:\/\/steamcommunity.com\/games\/593110\/announcements\/detail\/507340830949770871\" target=\"_blank\" rel=\"noopener\">a new version of Steam<\/a> that adds mitigations for the exploit, and \u201cfor Windows, Microsoft Defender has been updated and will detect and block the vulnerability,\u201d Hryb says. Google and Meta have taken steps as well, according to Hyrb. There are \u201cno findings to suggest\u201d that the vulnerability can be exploited on iOS, visionOS, tvOS, Xbox, Nintendo Switch, PlayStation, UWP, Quest, and WebGL.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">Numerous developers have taken actions in response to the disclosure. Obsidian <a href=\"https:\/\/x.com\/Obsidian\/status\/1974215697845923976\">removed<\/a> some of its games and products from digital storefronts, including Grounded 2 Founders Edition, Avowed Premium Edition, Pillars of Eternity: Hero Edition, Pillars of Eternity II: Deadfire, and Pentiment, until it can \u201cimplement the necessary updates to address the issue.\u201d <a href=\"https:\/\/x.com\/seconddinner\/status\/1974171006085554309\">Marvel Snap<\/a>, <a href=\"https:\/\/x.com\/wickedgame\/status\/1974169075405533675\">No Rest for the Wicked<\/a>, <a href=\"https:\/\/x.com\/ingress\/status\/1974171560891351070\">Ingress<\/a>, and <a href=\"https:\/\/x.com\/FateGO_USA\/status\/1974229267316605253\">Fate\/Grand Order<\/a> have all received updates as well. And Atlus says Persona 5: The Phantom X <a href=\"https:\/\/persona5x.com\/news\/details\/000329gzaQvTSJ.html\" target=\"_blank\" rel=\"noopener\">will get an update<\/a>.<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\">According to the Common Vulnerabilities and Exposures (CVE) record <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2025-59489\" target=\"_blank\" rel=\"noopener\">about the exploit<\/a>, \u201cif an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running.\u201d<\/p>\n<p class=\"duet--article--dangerously-set-cms-markup duet--article--standard-paragraph _1ymtmqpi _17nnmdy1 _17nnmdy0 _1xwtict1\"><strong>Update, October 3rd<\/strong>: Added details about Obsidian removing games from storefronts and about games that have gotten updates.<\/p>\n","protected":false},"excerpt":{"rendered":"Unity is urging developers to take \u201cimmediate action\u201d after it disclosed a major security vulnerability affecting games built&hellip;\n","protected":false},"author":2,"featured_media":472540,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[77,1583,12,326,53,16,15],"class_list":{"0":"post-472539","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-entertainment","9":"tag-gaming","10":"tag-news","11":"tag-tech","12":"tag-technology","13":"tag-uk","14":"tag-united-kingdom"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/115313478510320866","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/472539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=472539"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/472539\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/472540"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=472539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=472539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=472539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}