• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Hundreds of millions of PCs vulnerable to attack due to Unity gaming plug-in flaw

Updated on Jun 11, 2015 by Guest Authors

At least 200 million computers have been exposed to potential attacks amid the discovery of a flaw within the Unity plug-in used for gaming.

The plug-in flaw was found by a researcher based in Finland and accordingly it allows the bad actors to scrape off a user’s confidential data while he or she is logged in to a website, including email like Gmail and Yahoo Mail, and social media accounts like Facebook and Twitter.

unity-vulnerable

Here’s why the impact of this vulnerability needs to be taken seriously. A great deal of developers, some hundreds of thousands of them, are relying on the Unity plug-in to create online games, meaning that there is a great chance that most of the games you have grown fond of playing use this kind of plug-in. This gaming tool is installed in browsers for you to be able to gain access to the Web-based apps and games.

Developers are also able to develop three-dimensional content that is compatible with various mobile devices and computer platforms, browsers and gaming consoles. So this vulnerability is not only affecting PCs but other platforms as well.

In fact, there are more than 700,000 monthly active developers who are using the plug-in to develop games for more than 600 million users all over the world. Those figures are enough to trigger the alarm over this vulnerability.

The plug-in implements a cross-domain policy that allows access to other websites for an active user. It is designed to actually block a Unity application from gaining access to tools from other websites. Recently, the Finnish researcher found a way to get past this policy, a vulnerability that enables malicious apps to grant access to third-party websites without the user’s knowledge.

For example, your Gmail account can be accessed if you are in an active session with the email service and your data will be transmitted furtively to the third-party prying eyes. The same thing can happen with your Facebook account, for instance, if have the Unity Web Player installed in your system.

Some browsers could prevent the plugin from starting automatically without permission. Others could allow it. Luckily for users of Chrome version 42, the attack does not work. Vulnerable browsers appear to be plagued by the use of the old Netscape Plugin Application Programming Interface which could allow the plug-in to run automatically.

Until the findings went public, Unity had not heeded the researcher’s call for a patch to the flaw. A fix is in the works, according to Unity.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 · All Rights Reserved