
Unity has uncovered a significant security vulnerability in its software that has been dormant for almost a decade. Users are strongly encouraged to immediately patch their applications to guard against potential exploitation.
The flaw, which affects all versions of Unity from 2017.1 and later across Android, Windows, Linux, and macOS, allows local code execution and file inclusion attacks depending on the operating system in use.
Discovered on June 4 and officially patched on October 2, this vulnerability has received a high severity score from Unity, specifically a CVSS score of 8.4 out of 10. Although the company asserts that there is currently no evidence of user impact or exploitation, developers of any game or application using Unity are advised to update as a precautionary measure.
For developers still leveraging Unity, immediate action is necessary to ensure the security of their projects and users. Unity has made the patched version available through its Unity Hub and via the Unity Download Archive. Detailed guidance on remediation is also available on their website.