• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Write for Us
  • Contact
  • Advertise
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Hundreds of millions of PCs vulnerable to attack due to Unity gaming plug-in flaw

Updated on Jun 11, 2015 by Guest Authors

At least 200 million computers have been exposed to potential attacks amid the discovery of a flaw within the Unity plug-in used for gaming.

The plug-in flaw was found by a researcher based in Finland and accordingly it allows the bad actors to scrape off a user’s confidential data while he or she is logged in to a website, including email like Gmail and Yahoo Mail, and social media accounts like Facebook and Twitter.

unity-vulnerable

Here’s why the impact of this vulnerability needs to be taken seriously. A great deal of developers, some hundreds of thousands of them, are relying on the Unity plug-in to create online games, meaning that there is a great chance that most of the games you have grown fond of playing use this kind of plug-in. This gaming tool is installed in browsers for you to be able to gain access to the Web-based apps and games.

Developers are also able to develop three-dimensional content that is compatible with various mobile devices and computer platforms, browsers and gaming consoles. So this vulnerability is not only affecting PCs but other platforms as well.

In fact, there are more than 700,000 monthly active developers who are using the plug-in to develop games for more than 600 million users all over the world. Those figures are enough to trigger the alarm over this vulnerability.

The plug-in implements a cross-domain policy that allows access to other websites for an active user. It is designed to actually block a Unity application from gaining access to tools from other websites. Recently, the Finnish researcher found a way to get past this policy, a vulnerability that enables malicious apps to grant access to third-party websites without the user’s knowledge.

For example, your Gmail account can be accessed if you are in an active session with the email service and your data will be transmitted furtively to the third-party prying eyes. The same thing can happen with your Facebook account, for instance, if have the Unity Web Player installed in your system.

Some browsers could prevent the plugin from starting automatically without permission. Others could allow it. Luckily for users of Chrome version 42, the attack does not work. Vulnerable browsers appear to be plagued by the use of the old Netscape Plugin Application Programming Interface which could allow the plug-in to run automatically.

Until the findings went public, Unity had not heeded the researcher’s call for a patch to the flaw. A fix is in the works, according to Unity.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?

Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function

AuthenTrend AT.Wallet Fingerprint Cryptocurrency Wallet Review – The Coolest One You Can Buy

Yeedi K650 Robot Vacuum Review – A Good Basic Vacuum

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Keychron K4 Wireless Mechanical Keyboard Review – The Biggest & The Best?
  • Keychron K6 Wireless Mechanical Keyboard Review – Nice Balance Between Design and Function
  • Sensibo Pure Smart Air Purifier Review
  • EVO Gym System – A Foldable Versatile Personal Gym for Everyone

Copyright © 2021 · All Rights Reserved