A security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, and macOS operating systems. Download the patching tool here and read on for further instructions.
Landed on my radar recently - thought I’d post it here
Some Unity games may be launched with a parameter that causes them to execute arbitrary code. It seems like it only makes sense on Android. Windows and Linux games can normally only be launched by a process with the same or greater privileges than the process being created, but on Android you can elevate privileges by invoking another app. In practical terms, another app can access the save data of your mobile games.
There was also something about games that register to be launchable directly from a webpage, which would allow web sites to escape the browser sandbox, but it didn’t sound likely.