No as Unity is the game engine.
If you have a problem post in that game's discussion hub to bring attention to devs who need to know to send a fix or patch it.

Jaunitta 🌸 eredeti hozzászólása:

No as Unity is the game engine.
If you have a problem post in that game's discussion hub to bring attention to devs who need to know to send a fix or patch it.

That idea to fix every game by the devs sadly doesn't work for every one of them. Like I mentioned there are going to be scenarios where the game is too old and the game dev can't be bothered, or if the game dev is long gone. I just wish for the alternative where the players can somehow fix the problem without relying on the game dev in case it never gets fixed and have to deal with something that we used to enjoy but can't play anymore because of vulnerability problems and no game dev to fix it.

The only possible alternative would be if it's something modders can fix.

I have not looked into the vulnerability enough or at all really to say for sure one way or another if that would be possible.

d3str0y3r eredeti hozzászólása:

The only possible alternative would be if it's something modders can fix.

I have not looked into the vulnerability enough or at all really to say for sure one way or another if that would be possible.

A mod fix would definitely be a good start, although this does need to work for anything created by unity rather than just have it fix just one specific game at a time.

"However, Unity also provides a patching tool if you can’t rebuild your project from source, or have built with a 2017/2018 version, as outlined in the Patch built applications section."

Remediation: https://unity.com/security/sept-2025-01/remediation

So theoretically anyone could use the Unity Application Patcher and patch the games.

For that one must start with "2. Patch built applications".

"If you cannot rebuild from source (or would like to deploy a hotfix while rebuilding your app), use the Unity Application Patcher to update your existing Android, Windows, or macOS builds."

That means that you can apply the patcher to already compiled game builds, as far as i have understood.

The only possible alternative would be if it's something modders can fixi

The vuln has been around since 2017 (present in games and apps developed with a Unity version first released in 2017 and forward), and has not been seen being actively exploited in the wild. It mainly affects games with online connectivity, such as always online MOBAs/MMOs and mobile games (Android appears to be most susceptible). So it's been around for at least 8 years, isn't being actively used to attack anyone, and some security researchers (aka/ethical hackers) found something unusual, decided to dig deeper and get their gold stars for finding something really interesting that could be bad in a worst-case scenario. (Yay! They get big claps from the cybersec/infosec community! Yay!) Unity put out an "urgent" fix and message to devs because- liability. People love to sue people for anything and everything these days. Big studios with lots of money like Microsoft pulled a few games while getting the fix ready because everyone loves to sue Microsoft (maybe not always wrongly...).Valve did the right thing and patched the Steam Client to detect games that might contain the vuln and block them from launching if it is detected.
Not all Unity games are going to be especially vulnerable- many devs just put out patches because Unity made them panic or because they didn't want their forums and emails spammed with messages from people freaking out after reading a clickbait games journo article that left out that this vuln almost always requires the device being attacked to already have latent malware installed on it.
Meanwhile, if you understand the technical terms and are into a more detailed explainer on the vuln, enjoy this somewhat self-serving article by one of the researchers who helped discover and investigate the vuln and submit the CVE: https://flatt.tech/research/posts/arbitrary-code-execution-in-unity-runtime/
And again- this vuln has been present since *2017*- it's not new, just recently discovered by security researchers looking for something new and interesting to dig into at a Con.

(quick edit to clean up a few typos I missed before)