Jouko Pynnönen, a security researcher from Finland, has uncovered a security flaw within the Unity Web Player plug-in that could make hundreds of millions of gamers vulnerable to having their data stolen from any website they happen to logged into at the time, including webmail and social media accounts.
The Unity Web Player plug-in is designed to allow browsers to display and run game content in web applications; a popular choice, thanks to its flexible compatibility across domains, and is even endorsed by Facebook, which has its own software development kit for Unity-based games within the social networking site.
According to Unity Technologies, over 200 million people have Unity Web Player installed on their computers, and is used by over 700,000 active developers on a monthly basis, leaving a huge chunk of the world’s population at risk of having their details stolen.
Pynnönen built a Unity app to test the plug-in’s integrity. When the app was loaded up by the plug-in, it could access the Gmail account that was open in the browser, and was even able to forward e-mails to another account through the plug-in.
Thankfully, Chrome users running version 42 of the browser are protected from the vulnerability. Users of other browsers are advised to either use Chrome version 42 or uninstall the Unity Web Player until the problem is patched.
Thank you Lifars for providing us with this information.
Image courtesy of PC World.
More than twenty years after the launch of Vagrant Story, many are still dreaming of…
LIVE THE HORROR: An immersive disaster story aboard a stunningly realised North Sea oil rig,…
The Philips VA LED display uses an advanced multi-domain vertical alignment technology that gives you…
【TFT Screen: The Interactive Interface】This 75% mechanical keyboard comes equipped with a TFT Screen, serving…
FANDOM FUSION Play as your favorite characters and wield their unique weapons and skills. Team…
The Definitive Version of Shin Megami Tensei V - Fully evolved with stunning visuals for…