Unity fixes critical Android game vulnerability threatening crypto users
Unity Technologies has released patches addressing a critical security flaw in its engine that posed risks to Android users, particularly those managing cryptocurrency wallets. The vulnerability, tracked as CVE-2025-59489, affected games and applications built with Unity 2017.1 and later.
Vulnerability details
The flaw originates from an “untrusted search path” issue, allowing attackers to manipulate how and where a Unity game loads code. Discovered and responsibly disclosed by researcher RyotaK of GMO Flatt Security Inc., the bug enables a malicious app on the same device to send crafted commands via Android intents. These commands could force a Unity game to load a malicious shared library (.so file), executing code with the game’s privileges.
Since many Android games request broad permissions, such an exploit could allow attackers to access data or interfere with other apps, including crypto wallets.
Industry response and mitigation
Unity has provided updated editor builds and a patching tool. Developers are advised to recompile projects with patched Unity versions or use the Unity Application Patcher for apps that cannot be rebuilt from source. Unity confirmed there is no evidence that the vulnerability has been exploited so far.
Other platform providers and distributors have also responded. Valve (Steam) added protections to detect exploit attempts, while Microsoft updated Defender to flag potential attacks. Google and other companies are coordinating mitigation measures. Some game publishers have patched affected titles or temporarily removed them from distribution to apply fixes.
For users, the immediate advice is to update Android games as patches become available, remove untrusted apps, avoid installing unknown APKs, and, for crypto wallet users, maintain a separate secure environment.
A wake-up call for the ecosystem
The incident underscores how vulnerabilities in widely used engines can have far-reaching impacts, potentially threatening areas like cryptocurrency management that might seem unrelated. The swift response across platforms demonstrates the seriousness with which game developers and security teams treat systemic security risks.