Unity games on Android, other platforms vulnerable to local attacks
Unity, the engine behind tons of your favorite games, just revealed a big security flaw (CVE-2025-59489) affecting any game or app made with Unity 2017.1 or later on Windows, macOS, Android, and Linux.
Found by RyotaK from GMO Flatt Security, this bug lets attackers run arbitrary code if they have local access—especially on Android devices.
Unity says no attacks have been reported yet
The flaw could let someone with device access run malicious code or steal data.
Unity says there haven't been any attacks yet, but built-in protections like malware scanners aren't enough to fully stop this threat.
Developers are urged to update and re-release games
Unity has dropped new patches and tools for developers to fix their games. They're urging devs to update and re-release ASAP to keep players safe.
Obsidian has even pulled some Unity-based titles from digital stores until things are patched up.
If you play a lot of indie or cross-platform games, keep an eye out for updates!