Game developers worldwide are on high alert after Unity, the popular game engine, announced the discovery of a significant security vulnerability affecting titles and applications created on its platform. The company has issued an urgent call for developers to take immediate action to secure their projects and has provided crucial fixes.
The good news, according to Unity, is that the vulnerability has not yet been exploited, and there has been no reported impact on users. However, the flaw is widespread, impacting all games and apps built using Unity versions 2017.1 and newer across Windows, Linux, Android, and macOS. The vulnerability was initially brought to Unity’s attention by a diligent security researcher.
For projects currently under active development, Unity advises developers to download and integrate the patched update for the Unity Editor. This step is critical to ensure that any new builds and subsequent releases are fully protected against the identified flaw.
Unity Urges Immediate Action on Updates
For existing games and applications already released, Unity has provided clear instructions: developers must download the latest update, recompile their projects, and then republish the updated applications. Recognizing that rebuilding projects might not always be feasible, Unity has also released a specialized tool. This tool allows developers to patch older apps, specifically those dating back to Unity version 2017.1 for Android, Windows, and macOS, without the need for a full rebuild.
The urgency of the situation has led many developers to act swiftly. Some are currently in the process of patching their games, while others have opted for a more drastic measure, temporarily removing their titles from digital storefronts. Obsidian, the developer behind ‘The Outer Worlds 2,’ confirmed on Saturday that it had temporarily taken several Unity-powered games offline. These include well-known titles like ‘Grounded 2,’ ‘Avowed,’ ‘Pillars of Eternity,’ ‘Pillars of Eternity II: Deadfire,’ and ‘Pentiment.’
Obsidian conveyed its apologies for any inconvenience caused, assuring players that their team is diligently working on a permanent fix and aims to restore the affected games as quickly as possible. They also encouraged players who have already downloaded these games to install any available patches as soon as they are released.
For games and apps built for Android, Unity noted that while the operating system’s built-in malware scanning and other security features offer some protection, a dedicated patch update from developers remains essential. Similarly, for Windows-based applications, Microsoft Defender has been updated to detect and block the vulnerability, and Valve is also implementing additional safeguards for the Steam client.