Unity Technology has deployed security fixes for a vulnerability discovered in June that enabled malicious code execution in Android-based mobile games, potentially threatening crypto users with unauthorized access to sensitive data.
The gaming engine developer confirmed Friday that patches were rolled out to address the security flaw. Unity director of community Larry Hryb posted an advisory explaining the vulnerability could allow local code execution and access to confidential information on devices running Unity-built applications.
Hryb stated there was no evidence of exploitation, nor any confirmed impact on users or customers. The company emphasized that security measures were implemented promptly after the June discovery.
Sources indicated the bug affects projects dating back to 2017, primarily targeting the Android mobile platform while also impacting games on Windows, macOS and Linux. A Google spokesperson confirmed Unity is making patches available to app developers and urged immediate updates.
Unity advised developers to download the patched Unity Editor update before their next build. Developers must rebuild any released games with the patched editor and republish them so users can update their applications with the security fixes.
GMO Flatt Security researcher RyotaK, who documented the vulnerability, explained it enabled malicious applications on the same device to hijack permissions granted to Unity applications. The flaw could be exploited remotely to execute arbitrary code on affected devices.
Mobile gamers received recommendations to keep devices updated, enable automatic updates and maintain current antivirus software. Microsoft released a security alert stating Windows game development teams were updating potentially affected games and applications, while console games remained unaffected.
Windows Defender received updates to provide protection, and Android anti-malware systems were enhanced according to Neowin. Game developers like Obsidian Entertainment temporarily removed multiple games from digital storefronts while implementing fixes, GameRant reported.
Unity powers over 70% of the top thousand mobile games as an industry‑leading platform for creators building real‑time games and apps across multiple platforms. The widespread use of Unity's gaming engine means the vulnerability potentially affected a significant portion of mobile gaming users globally.