On October 3, Unity issued an email to alert developers who have released a game that utilized its engine since 2017 against a vulnerability discovered in the engine’s code. Although the Unity engine vulnerability has no evidence of exploitation as of this writing, the alert has sent some game developers scrambling to patch any affected titles.
Originally released in 2005 and utilized by titles such as Hollow Knight: Silksong, Subnautica, and Among Us, the Unity engine is one of the most used engines in game development, due to its support for PCs and mobile devices. While Unity has lost ground to Godot and Unreal Engine due to a controversial Runtime Fee plan introduced in 2023, Unity walked back those changes in 2024 after drawing criticism across the gaming industry. As it stands, Unity engine licenses are available via a traditional subscription model, though Unity Personal remains free for the first $200,000 of revenue.
A Unity Engine Security Flaw Has Developers Scrambling To Implement A Fix
However, the Unity engine finds itself back in the spotlight, though the circumstances are more dire. According to reports, the Unity game engine has a security vulnerability in versions 2017.1 and later, including Unity 6. This vulnerability affects games released for Windows, Android, Linux, and macOS. The vulnerability lies within Unity’s Runtime code, which would allow an attacker to swipe sensitive information from an affected machine. However, Unity stated that it has not discovered any evidence of the vulnerability being exploited and has proactively sent developers the necessary fixes to address it. Along with Unity, Microsoft Defender can detect and block the vulnerability on Windows devices, with Valve adding its own protections via the Steam Client.
Obsidian Entertainment stated that it is temporarily removing Grounded 2, Pentiment, Avowed, and Pillars of Eternity from all digital storefronts while it works to implement a fix for Unity’s security flaw. Obsidian added that the move was made to protect its customers, and that it will give its developers enough time to implement and test the necessary security fixes provided by Unity. Obsidian provided no timetable for when the pulled games would return to storefronts and asked fans for patience in the meantime. By comparison, games such as Among Us and Marvel Snap have since released updates to address the Unity security flaw.
Given that several titles across multiple platforms are powered by Unity, the list of games affected by the security vulnerability is not exhaustive. It remains to be seen how many games in total will require updates in the coming days.
- Released
-
June 5, 2018
- ESRB
-
E10+ for Everyone 10+: Mild Blood, Fantasy Violence
Source: VGC
