As a developer of fitness apps built on Unity, you need to stay ahead of the curve when it comes to security. Recently, we identified a vulnerability that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. Don't worry; there is no evidence of any exploitation of the vulnerability, nor has there been any impact on users or customers.

Key Facts

Unity has worked closely with our platform partners to secure their platforms and protect end users. Released games or applications built with Unity 2017.1 or later for Windows, Android, macOS, or Linux may contain this vulnerability. To address the issue, we've released an update for each major and minor version of the Unity Editor starting with Unity 2019.1.

What Actions Should You Take?

If you have developed and released a game or application using Unity 2017.1 or later for Windows, Android, or macOS, you need to take action to ensure the continued safety of your users. Here's what you should do:

  • If your project is still in active development:
      + Download the patched update for your version of the Unity Editor, available via Unity Hub or the Unity Download Archive, before building and publishing.
  • For games and applications already built:
      + We strongly recommend downloading the patched update for your version of the Unity Editor, recompiling, and republishing your application.
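To decide which projects need the steps above, the following added example (not Unity's code and not part of the original advisory) inventories the Unity projects under a directory and classifies each one by the Editor version recorded in ProjectSettings/ProjectVersion.txt. The status labels are hypothetical, and because this page lists no patched build numbers, the patched builds are passed in by the caller and must be taken from Unity's own advisory.

```python
import re
from pathlib import Path

# "2021.3.45f1" = major.minor.patch, release type (a/b/f/p), build number.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([abfp])(\d+)")
TYPE_RANK = {"a": 0, "b": 1, "f": 2, "p": 3}
AFFECTED_FROM = (2017, 1)  # advisory: Unity 2017.1 and later
PATCHES_FROM = (2019, 1)   # advisory: patched Editor updates start with 2019.1


def parse_version(text):
    """Return (major, minor, patch, type_rank, build), or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, rtype, build = m.groups()
    return (int(major), int(minor), int(patch), TYPE_RANK[rtype], int(build))


def triage(version, patched_builds=()):
    """Classify one Editor version against the ranges stated in the advisory.

    patched_builds: first patched build per release line, e.g. "2021.3.99f9"
    (assumption: supplied by the caller; the page gives no build numbers).
    """
    if version is None:
        return "unknown"
    line = version[:2]
    if line < AFFECTED_FROM:
        return "not-listed-as-affected"
    if line < PATCHES_FROM:
        return "affected-no-patched-editor-listed"
    fixed = {v[:2]: v for v in map(parse_version, patched_builds) if v}
    if line not in fixed:
        return "affected-verify-build"
    return "patched" if version >= fixed[line] else "affected-update-editor"


def scan(root, patched_builds=()):
    """Map each Unity project under root to (editor version text, status)."""
    results = {}
    for f in Path(root).rglob("ProjectSettings/ProjectVersion.txt"):
        text = f.read_text(encoding="utf-8", errors="replace")
        m = re.search(r"^m_EditorVersion:\s*(\S+)", text, re.M)
        raw = m.group(1) if m else ""
        status = triage(parse_version(raw), patched_builds)
        results[str(f.parent.parent)] = (raw, status)
    return results
```

A "patched" status only describes the Editor the project is currently set to; builds already published from an older Editor still need to be recompiled and republished as described above.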

Additional Protections

For Android or Windows Applications:

  • If your Android application is distributed via Google Play, other third-party Android app stores, or direct download: as an additional layer of defense, Android's built-in malware scanning and other security features will help reduce risks to users posed by this vulnerability.
  • For Windows-based applications: Microsoft Defender has been updated and will detect and block the vulnerability. Valve will issue additional protections for the Steam client.

Additional Platforms

For Horizon OS:

  • Meta devices have implemented mitigations so that vulnerable Unity apps running on Horizon OS cannot be exploited.

For Linux:

  • The vulnerability presents a much lower risk on Linux compared to Android, Windows, and macOS.

For all other Unity-supported platforms including iOS:

  • There have been no findings to suggest that the vulnerability is exploitable.