As mobile game developers, it's crucial to prioritize security when creating experiences for your users. Recently, a vulnerability was discovered in Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. While there is no evidence of exploitation or impact on users, it's essential to take immediate action to protect your games and apps.

Key Facts

The vulnerability affects games and applications built on Unity versions 2017.1 and later for various platforms. Thankfully, there have been no reports of exploitation or impact on users. Unity has worked closely with platform partners to secure their platforms and protect end-users.

Released games or applications using Unity 2017.1 or later for Windows, Android, macOS, or Linux may contain this vulnerability. To ensure the continued safety of your users, it's crucial to take action by downloading patched updates and recompiling or republishing affected projects.

What Actions Should You Take?

If you've developed and released a game or application using Unity 2017.1 or later for Windows, Android, or macOS, you need to take immediate action. Follow these steps:

  • If your project is still in active development:

+ Download the patched update for your version of the Unity Editor, available via Unity Hub or the Unity Download Archive.

+ Rebuild and publish your application with the patched update.

  • For games and applications already built:

+ Download the patched update for your version of the Unity Editor.

+ Recompile and republish your application.

For Android or Windows Applications, additional protections are being put in place:

  • If your Android application is distributed via Google Play, other third-party Android App stores, or direct download: Android's built-in malware scanning and security features will help reduce risks to users posed by this vulnerability.
  • For Windows-based applications: Microsoft Defender has been updated and will detect and block the vulnerability. Valve will issue additional protections for the Steam client.

If your application employs tamper-proofing or anti-cheat solutions:

  • You'll need to rebuild your project with the patched update for your version of the Unity Editor and redeploy to maintain these protections.

Additional Platforms

For Horizon OS: Meta devices have implemented mitigations so that vulnerable Unity apps running on Horizon OS cannot be exploited. For Linux, the vulnerability presents a much lower risk compared to Android, Windows, and macOS.

For all other Unity-supported platforms, including iOS, there have been no findings to suggest that the vulnerability is exploitable.

Consumer Guidance

Adopt these best practices:

  • Keep your devices and applications updated.
  • Enable automatic updates.
  • Maintain current antivirus software.
  • Avoid suspicious downloads.
  • Routinely update all software.

Unity's commitment to security is unwavering. We will continue to provide updates as necessary, ensuring the integrity of our platform, customers, and the wider community.

For comprehensive technical details, please consult our patching tool and remediation guide, Security Advisory, and CVE-2026-59489. If you have any questions, join us in the CVE Discussions forums and use the CVE Q&A Topic.