Couldn't figure out how Unity could have a global security risk, because it's just a stand-alone app etc they don't work like that, and there were two options:
1.) The connection that Unity forces to mothership for analytics (thank gods that wasn't it)
2.) Do you rely on arbitrary code exec? Mods? Oops. #GameDev #Unity3D
Anyways this is the link with more details if you were trying to drill down to "does this matter to me?" https://unity.com/security/sept-2025-01/remediation
Honestly even then, I genuinely don't get why most would care about this.
This is a way of getting elevated access if you are sitting (or e-sitting) at the keyboard, running the executable, adding a command line.
There's uh. There are easier ways of gaining access. Most games are execution sieves.
My suspicion is folks are panicking because for a long time now Unity's been an everything-engine. Which was always a bit stupid, cus the needs of say, a back-end intranet management application differ from those of a game, but it made it Easy, so people did it and
THERE, this matters, oh mah gawd.
That also scans with why Windows would suddenly care. They don't give a shit if a game punches a hole through Defender, cus (games srsly).
But.
A whole lot of people used a game engine on critical infrastructure.
A game engine capable of arbitrary code execution (which we love for mods). And. Oh.
Anyways, remember my "do you REALLY need to be using a port-everywhere game engine" post? https://mastodon.gamedev.place/@glassbottommeg/115300081718370888
Yeahh there's a bunch of other inherent issues with turning a single game engine into a load-bearing pillar of the entire computing world
I wonder if this'll cause backtracking there?
