Unity urges developers to patch games after discovery of major security vulnerability

• The issue stems from a feature that allows Unity apps to run extra tools via command lines.
• No known exploits have been reported, but Unity urges immediate updates to prevent risk.
• Developers are advised to recompile and republish affected applications.

Unity has identified a security vulnerability affecting games and applications built with Unity 2017.1 and later for Android, Windows, macOS, and Linux.

The game engine maker has advised that all games and applications built with its engine will require patching to address the issue and has urged users to update their software. 

The issue originated from a feature that lets Unity apps run extra add-ons or tools through commands. Developers can check Unity’s notes to see how it might affect their specific platforms.

While there’s no sign it was exploited, Unity has urged developers using versions from 2017.1 onward to update their projects with the latest patch.

“If your project was built with any Unity version from 2017 up to today’s patched releases, it might be affected," Unity cautioned in a guide. “All developers with affected projects must take action."

Patching tools available

The company further advised developers using affected versions to recompile and republish their apps. 

Android, Windows, and Valve have added security measures to detect or block the issue, while Unity has also released a patching tool for Android, Windows, and macOS. 

Unity noted that while Linux is still rated as high-risk, it won’t receive a patching tool due to its lower overall threat level and advised developers to rebuild Linux apps using a patched Unity Editor if needed. 

The company added that the fix should not affect most games and urged developers to remind users to keep their devices and apps updated to avoid potential vulnerabilities.