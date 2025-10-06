

Unity Technology fixes Android mobile bug, denies exploit

By: Cryptopolitan
2025/10/06 18:51

Unity Technologies has released a patch to fix a security vulnerability that could have allowed malicious code execution in Android games built with its platform, potentially enabling the theft of credentials such as crypto wallet seed phrases.

In its security update advisory, Unity stated that the bug posed a high-severity risk; however, there is no evidence of exploitation or user impact. It was first identified on June 4 by cybersecurity researcher RyotaK of GMO Flatt Security Inc., and classified as CWE-426: Untrusted Search Path. 

Unity Technologies, a provider of real-time 3D development tools, powers over 70% of the world’s top 1,000 mobile games.

Unity bug affected editor versions, exposed apps to file loading

According to the disclosure, the vulnerability affected several platforms, including Android, Windows, macOS, and Linux. A patched version of the Unity Runtime was released on October 2, and developers are being urged to update their software to avoid the risk of exploits.

RyotaK also described the vulnerability, which has a CVSS score of 8.4, stating that malicious apps installed on devices could hijack permissions granted to Unity-built apps, allowing attackers to execute arbitrary code remotely.

Director of community Larry “Major Nelson” Hryb published a security advisory saying applications that used affected Unity Editor versions were vulnerable to file loading and local file inclusion attacks.

Attackers could exploit this flaw to gain access at the privilege level of the vulnerable application. Windows systems faced double the risk if a registered custom URI handler existed, which attackers could use to trigger library-loading remotely.

The vulnerable Unity Runtime, present in builds made before October 2, allowed “argument injection,” which could result in the loading of code from unintended locations. If compromised, an adversary could run arbitrary commands or exfiltrate confidential information from an affected device.
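For the Windows case described above, a defender's first question is which custom URI handlers on a machine launch a Unity-built executable and forward the URI to it. The following is an added example, not code from Unity or from the original article: it parses a constructed `reg export` sample, and the scheme name, paths and the `unity_exes` inventory are hypothetical.

```python
import re

# Constructed sample in `reg export` text format; not from a real system.
SAMPLE_REG = r'''
[HKEY_CLASSES_ROOT\examplegame]
@="URL:Example Game"
"URL Protocol"=""

[HKEY_CLASSES_ROOT\examplegame\shell\open\command]
@="\"C:\\Games\\Example\\Example.exe\" \"%1\""

[HKEY_CLASSES_ROOT\notes\shell\open\command]
@="\"C:\\Tools\\notes.exe\" \"%1\""
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values ("" = default)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def uri_handlers(keys, unity_exes, root="HKEY_CLASSES_ROOT"):
    """List URL-protocol registrations and mark those that launch a Unity build."""
    known = {p.lower() for p in unity_exes}
    found = []
    for path, values in keys.items():
        parts = path.split("\\")
        if len(parts) != 2 or parts[0] != root or "URL Protocol" not in values:
            continue  # only top-level keys carrying the "URL Protocol" marker
        cmd = keys.get(path + "\\shell\\open\\command", {}).get("", "")
        exe = re.match(r'"([^"]+)"|(\S+)', cmd)
        exe = (exe.group(1) or exe.group(2)) if exe else ""
        found.append({"scheme": parts[1], "exe": exe,
                      "passes_uri": "%1" in cmd,
                      "unity_build": exe.lower() in known})
    return found

if __name__ == "__main__":
    inventory = [r"C:\Games\Example\Example.exe"]  # hypothetical list of Unity builds
    for h in uri_handlers(parse_reg(SAMPLE_REG), inventory):
        print(h)
```

Handlers reported with both `passes_uri` and `unity_build` set are the ones to prioritise for rebuilding or patching.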

Patch is live, projects start rebuilding

Unity confirmed late last week that patches are now available for all developers and has advised developers to rebuild their projects with a patched version of the Unity Editor. The firm also recommended applying the Unity Application Patcher to existing Android, Windows, or macOS builds, followed by testing and redeployment.

In the official statement, Unity reiterated that “no evidence of active exploitation” had been found and that no customers were affected. The company added that immediate mitigation steps were communicated to developers to prevent any future exposure.

On Android, the issue could lead to code execution or elevation of privilege, while on Windows, Linux (desktop and embedded), and macOS, the flaw could have resulted in privilege risks. Unity’s advisory noted that console games were not affected, although mobile and desktop applications built on vulnerable Unity versions were exposed to threats.

Last Friday, Microsoft also issued a related security alert confirming that Windows-based game development teams were reviewing and updating any potentially affected titles. Windows Defender has since been updated to detect and block any known exploits related to the vulnerability.

Hackers using games to steal private data

The broader gaming industry has been facing threats from malicious software that hackers disguise as legitimate games or even downloadable content. Hackers hide malware in popular games, demos, or mods distributed through unofficial channels.

Gamers could unknowingly aid hackers by downloading pirated versions of titles like Grand Theft Auto V, God of War, or Mortal Kombat 1 laced with hidden malware, such as Crackonosh. Once installed, the computer virus covertly harnesses the user’s computer resources to mine digital currencies like Monero (XMR) “silently.”

Some malicious actors inject harmful code through post-launch updates or redirect users to external sites hosting infected files. After successfully tricking gamers into downloading the loaded game, they steal personal data and gaming or crypto wallet credentials.

In his statement, Hryb called on developers and users to always update their operating systems, enable automatic updates, and use reliable antivirus software. He also said security was a “shared responsibility” in gaming because millions of users interact with Unity-powered applications on a day-to-day basis.
