Seriously? Unity *Again*?!

Right, listen up. Some clowns at Unity decided to code something monumentally stupid – a flaw in how they handle player preferences. Basically, if a game uses a specific version of Unity and doesn’t properly validate data, some malicious bastard can inject HTML into the game’s settings panel. Think cross-site scripting (XSS), but for your goddamn games.

What does this *mean*, you ask? Well, it means attackers could potentially steal cookies, hijack accounts, or just generally cause havoc on a player’s system. Steam and Microsoft are warning people because a whole bunch of games use Unity, so the potential attack surface is HUGE. They’re saying it affects games running on Windows, but honestly, who knows what else is vulnerable? It’s probably everything.

Unity has released a patch, naturally *after* this shit got discovered. And developers need to actually *apply* the patch for it to do any good. So expect a lot of unpatched games floating around, ripe for exploitation. Fantastic. Just fucking fantastic.

The worst part? This isn’t some zero-day exploit from shadowy hackers. It’s basic coding negligence. Seriously, validate your input! Is that too much to ask?

Don’t blame me if your account gets jacked because some developer couldn’t be bothered to secure their game. I just report the disasters.

Source: BleepingComputer

Related Bullshit

Reminds me of the time a “security expert” told me to just “trust” a vendor. Yeah, that worked out great for everyone involved. Ended up rebuilding half their network after they got pwned by a script kiddie. Trust no one. Especially not Unity.