Editor flaw allows malicious code execution in Unity applications.

A high-severity vulnerability in Unity’s command-line arguments lets attackers load arbitrary libraries and execute code on devices running Unity-built applications. The flaw stems from Unity’s Android debugging support, which allows any application to send commands to Unity apps, enabling attackers to point to malicious libraries and achieve code execution. Unity patched the issue across multiple editor versions and warned that all applications built since Unity 2017.1 for Android, Windows, macOS, and Linux are affected, while Microsoft and Valve implemented protective measures and urged developers to rebuild their games with updated versions.

Read more:

https://www.securityweek.com/microsoft-and-steam-take-action-as-unity-vulnerability-puts-games-at-risk/