Patches to control exploits can be made at multiple levels.The software itself, the operating system, the antimalware system you use, and even in some cases through firmware.

Haven't seen or heard of said exploit, but I seriously doubt anyone would be using it or can use it to a crippling extent or it would never be disclosed.

Also if it's big enough, then Microsoft will just put a patch in Windows.

Originally posted by AmaiAmai:

Patches to control exploits can be made at multiple levels.The software itself, the operating system, the antimalware system you use, and even in some cases through firmware.

Haven't seen or heard of said exploit, but I seriously doubt anyone would be using it or can use it to a crippling extent or it would never be disclosed.

Also if it's big enough, then Microsoft will just put a patch in Windows.

None of that is how security vulnerabilities work. Did you even look at the CVE for the issue?

Originally posted by Unity:

Note: Additional OS-level measures have been deployed by Google, Meta, and Microsoft to further secure their platforms. However, you must still patch or rebuild your Unity applications to be fully secure.

@OP, essentially yes developers will need to patch their games that used the Unity editor 2017 or later to patch their applications/games. Abandoned games are likely to remain exploitable if they are vulnerable.

Unity Disclosure[unity.com]

It is worth noting that the exploit requires local access; meaning it isn't something that on it's own is remotely exploitable.

Originally posted by Unity:

...may allow malicious actors with local access to execute arbitrary code within your application’s context, potentially leading to data exposure or privilege escalation...

Now correct me if I'm wrong, but does the hazard potentially include anything from larger projects (Wasteland 2, Pillars of Eternity), through popular metroidvanias (Hollow Knight, Blasphemous) to non-Steam mobile games?

Seems moderately serious.

Though I'm a little curious what SEGA/Atlus will do. Their PC port of SMT III is supposedly both Unity and with DRM. A weird mix to be honest.

Sounds like Unity wants more money for new versions?
Played a lof of Unty games lately and I feel safe.

Originally posted by PopinFRESH:

It is worth noting that the exploit requires local access; meaning it isn't something that on it's own is remotely exploitable.

That's what I was wondering about reading OP, so basically not really an issue.

Originally posted by Princess Luna:

Sounds like Unity wants more money for new versions?
…

How so? The vulnerability affects all versions from Unity 2017 and newer including the latest version. They released patches for all of the versions and an auto-patching tool for all of them other than 2017 & 2018 to make it easy for developers to quickly patch their applications; and they will help patch things from 2017 and 2018 if developers need help with those versions.

I don’t think critical vulnerabilities is a very reliable means to drive upgrades…

Unity already said this for Steam:
We have spoken with Valve and they will issue additional protections for the Steam client. For Windows, Microsoft Defender has been updated and will detect and block the vulnerability.

So it sounds like Steam will be automatically patching any existing Unity games in its database?

---

Originally posted by wing0zero:

Originally posted by PopinFRESH:

It is worth noting that the exploit requires local access; meaning it isn't something that on it's own is remotely exploitable.

That's what I was wondering about reading OP, so basically not really an issue.

I mean, if left unchecked, it would BECOME an issue for sure. It would provide a less detectable route for viruses, by allowing them to keep themselves very minimal, no suspicious exploiting code for an antivirus to detect, and then use an existing Unity game on the system as a means to install malicious software with a trusted context.

According to Microsoft Xbox Studio: DOOM (2019), DOOM II (2019), Forza Customs, Gears POP!, Halo Recruit, Mighty Doom, The Elder Scrolls: Legends, Zoo Tycoon Friends... are all no longer supported (2019???) and will be de-listed. They advise to uninstall.