A critical security vulnerability has been discovered in specific versions of the widely used Unity engine. Consequently, some game companies have temporarily removed their titles from digital storefronts to implement necessary measures.

Unity officially announced on the 3rd (local time) that a security vulnerability has been identified in games and applications developed using engine versions 2017.1 and later for Android, Windows, Linux, and macOS. This vulnerability is considered a serious issue that could allow for local code execution within the application's context.

Unity emphasized that there is currently no evidence of the vulnerability being actively exploited or causing customer harm, and stated that they were able to provide a proactive patch thanks to a responsible report from a security researcher. Along with this, Unity urged developers who have released games using versions 2017.1 or higher to take immediate action for user safety.

Specifically, projects currently being developed with these engine versions should download the latest patched editor version (2019.1 or higher) to build and publish. If a game has already been released, developers must recompile and redistribute it, or use the binary patching tool provided for those who do not wish to rebuild.

Apps using anti-tamper or anti-cheat solutions may have their protection measures invalidated when using the patching tool, so they must be rebuilt and redistributed using the patched editor. Following this news, some developers, including Obsidian, took immediate action by temporarily removing their games from digital storefronts for update work.

Unity advised end-users to keep their devices and applications up to date, avoid suspicious downloads, and use antivirus software. Unity stated that it will continue to provide information while prioritizing the security and integrity of its platform.

Furthermore, they have collaborated with platform partners to establish additional protective measures. For Windows-based applications, the vulnerability is detected and blocked through MS Defender updates, and Valve also plans to apply additional protection to the Steam client. Meta's Horizon OS has also implemented mitigation measures to prevent exploitation. Linux platforms are at a significantly lower risk, and it has been confirmed that there is no possibility of exploitation on other platforms, including iOS.