There has been many news lately of a lot of vulnerabilities popping up everywhere. Well get ready for another one, this one affects gaming PCs every where. This new vulnerability is brought to you by Unity technologies. One of the most popular game maker has a huge vulnerability.
So according to numbers taken from Unity Technologies:
- The Unity Web Player was installed on over 200 million computers, even as of March 2013.
- The technology serves to and is used by over 700,000 active developers on a monthly basis.
- Games that are based in the Unity Engine are used by over 600 million gamers around the world.
A security researcher from Finland, Jouko Pynnönen claimed to find a means to bypass and circumvent the cross-domain policy in use by the plug-in. This was done in order to access websites with credentials (login and user data) of the browser used logged in. On top of that he found out that the vulnerability could allow a malicious app or script to tricky the Unity Web player into allowing requests to be made towards other websites. So thank you Finland for finding another mess up by a company that is supposed to be better than that.
However, Unity’s response was great and they deserve some credit for getting a fast fix out to the public. As of right now for Chrome users, there is an update that browser no longer supports such plugins.