A researcher is warning that a gaming plug-in installed on over 200 million PCs contains a flaw that could let attackers steal users’ data from websites they are logged into, such as their Web mail and social networking accounts. The technology in question, from Unity Technologies, is used by hundreds of thousands of developers to create online games and other interactive 3D content. The flaw, which the researcher says has not been patched yet, is located in the Unity Web Player, a plug-in that needs to be installed inside browsers in order to display Unity-based Web apps. The Unity engine allows developers to create 3D content that will work across a variety of mobile, desktop and gaming platforms, including in browsers such as Firefox, Chrome, Internet Explorer, Safari and Opera. The technology is popular with online game developers and is even endorsed by Facebook, which offers a software development kit for integrating Unity-based games with Facebook features.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street