Unity patched a critical Android flaw that could allow local code execution and data access.
The Unity Android flaw affected Android, Windows, macOS, and Linux systems dating back to 2017.
Unity confirmed no known exploitation of the flaw.
Developers are urged to rebuild and republish all affected Unity games using the patched Editor.
Mobile gamers and crypto users should keep devices updated and use trusted antivirus software.
The vulnerability, first discovered in June 2025, allowed malicious applications installed on the same device to execute arbitrary code by hijacking permissions granted to Unity-built apps.
This Unity Android flaw essentially gave attackers a backdoor to access confidential information on user devices. It could have potentially affected countless popular games including but not limited to ‘Among Us’ and ‘Shadow Fight 3’.
‘Shadow Fight 3’ Is Among The Most Popular Unity-Based Mobile Games Worldwide
Source: VittorCloud
Although it primarily targeted the Android mobile platform, the issue also extended to games running on:
macOS
Linux
Unity disclosed that any Unity-built applications dating as far back as 2017 could potentially be affected.
Security researcher RyotaK from GMO Flatt Security revealed that the Unity Android flaw could be used to remotely execute code and gain unauthorized access to sensitive app permissions, including those used by crypto wallets embedded in games or apps.
In essence, a malicious app could piggyback on a Unity-built app’s permissions to:
Access crypto wallets
Execute unauthorized transactions
Steal personal data
Mobile gamers and crypto users are advised to:
Enable automatic updates on all devices
Keep antivirus software up to date
Only download apps from trusted sources
Check for app updates frequently, especially games built with Unity
On October 3rd, 2025, Unity released a security advisory authored by Larry “Major Nelson” Hryb, Director of Community at Unity Technologies.
An Executive Summary Of The Security Advisory
Source: Unity
The advisory confirmed that a fix had been rolled out and reassured users that:
“There is no evidence of exploitation of this vulnerability, nor has there been any reported impact on users or customers.”
Unity urged all developers to take immediate action:
Download the patched Unity Editor
Rebuild all existing games with the updated editor
Republish the updated builds to digital storefronts
Failing to do so could leave users vulnerable if older, unpatched versions of games remain in circulation.
Microsoft issued its own alert confirming that:
Console games were not affected
Windows Defender was updated to detect and block the threat
Windows game developers are actively patching affected titles
Studios like Obsidian Entertainment temporarily removed multiple Unity-built games from digital storefronts to apply patches and prevent exposure.
According to GameRant, affected games will return once they are fully secured.
The Unity Android flaw is a vulnerability that allowed malicious applications to hijack permissions from Unity-based apps on Android, potentially leading to arbitrary code execution and access to confidential data.
Apps built with Unity dating back to 2017 may be vulnerable, particularly on Android. Windows, macOS, and Linux versions are also potentially affected.
According to Unity Technologies, there is no evidence that the flaw was actively exploited in the wild.
Developers should download the patched Unity Editor, rebuild any existing projects using the patch, and republish them to ensure end-users receive the updated version.
Subscribe to stay informed and receive latest updates on the latest happenings in the crypto world!
Content Strategist
Subscribe to stay informed and receive latest updates on the latest happenings in the crypto world!
