Unity Plug-In Leaves Millions of PCs Vulnerable to Data Theft
Ashley Allen / 3 years ago
Jouko Pynnönen, a security researcher from Finland, has uncovered a security flaw within the Unity Web Player plug-in that could make hundreds of millions of gamers vulnerable to having their data stolen from any website they happen to logged into at the time, including webmail and social media accounts.
The Unity Web Player plug-in is designed to allow browsers to display and run game content in web applications; a popular choice, thanks to its flexible compatibility across domains, and is even endorsed by Facebook, which has its own software development kit for Unity-based games within the social networking site.
According to Unity Technologies, over 200 million people have Unity Web Player installed on their computers, and is used by over 700,000 active developers on a monthly basis, leaving a huge chunk of the world’s population at risk of having their details stolen.
Pynnönen built a Unity app to test the plug-in’s integrity. When the app was loaded up by the plug-in, it could access the Gmail account that was open in the browser, and was even able to forward e-mails to another account through the plug-in.
Thankfully, Chrome users running version 42 of the browser are protected from the vulnerability. Users of other browsers are advised to either use Chrome version 42 or uninstall the Unity Web Player until the problem is patched.
Thank you Lifars for providing us with this information.
Image courtesy of PC World.