> This vulnerability allows malicious intents to control command line arguments passed to Unity applications, enabling attackers to load arbitrary shared libraries (.so files) and execute malicious code, depending on the platform.
Aren't intents an Android-only thing? I'm not sure adding "depending on the platform" makes sense when the exploit only works on a single platform.
Interesting that Windows is impacted, but on Windows you can simply drop a dx9 dll or sameNameAsExecutable.dll to "inject" code. Commonly used by modders for Unity and other games. From that perspective, I don't see how this is novel or so highly rated, again on Windows specifically.
The URI handler is a separate vector that is more concerning.
This seems pretty bad from the headline but there's no evidence of any in-the-wild exploits or if there is a feasible real-world exploit here. Some other domino(s) have to fall before it allows RCE. For instance, browser-based exploits are blocked by SELinux restrictions on dlopen from the downloads path.
I don't understand the threat model of this for most Unity games on PC, it doesn't seem like there's anything you could do by running arbitrary code inside the Unity player that you couldn't already run on your PC directly or access via the process's memory, etc?
On desktop it's considered more of a privilege escalation (you could get your code run with the privileges of the Unity program) than a code execution vulnerability.
10 comments
[ 5.3 ms ] story [ 32.2 ms ] threadIt's also somewhat irrelevant unless there's a remote chain.
The Android Browser idea is interesting but is this actually a likely scenario?
Aren't intents an Android-only thing? I'm not sure adding "depending on the platform" makes sense when the exploit only works on a single platform.
The URI handler is a separate vector that is more concerning.
I am baffled how they don't mention this at all.
There is https://discussions.unity.com/t/webgl-project-running-only-i... but the response is laughable.