[philipwhiuk]

This is somewhat unsurprising - gaming software will doubtless cut corners on security-adjacent tooling (valgrind, etc) in order to ship faster.

It's also somewhat irrelevant unless there's a remote chain.

The Android Browser idea is interesting but is this actually a likely scenario?

[Sohcahtoa82]

Yeah, at first, I was like...Okay, so the victim needs to install a malicious app which means they already have code execution. This is just a permissions escalation? I suppose that can be bad if the target Unity app has some wide permissions.

But if it can be exploited via Browser, then it means any website with an XSS vulnerability becomes an attack vector. But the attack needs to specify which app to start. So even if you found a great app that uses Unity and has juicy permissions, you'd have to hope your victims have that specific app installed. I'm not sure you could try to launch multiple apps without tipping off the user that the website is trying to do something funky.

[somat]

Sure it's a game engine, they are not exactly praised for their security. but my understanding is for games the end user has a mental modal where the engine isolates the users computer from the game content (the levels, art and game logic) I am not sure how relevant this mental model is to unity. Where unity is more of a game engine framework and the engine proper and the game code are more or less intertwined within that.

The gold example is the original quake where the engine had an application specific vm to run the game code. Again, not security focused and I am fairly sure vm escapes would be easy to find. But I also don't remember ever hearing news how a quake mod installed a rootkit on someones pc.

[whizzter]

I'd say that most lines of business cuts as many or even more corners until they grow large or have other security interests, gamedevs are fairly prideful of their work in comparison to many other industries.

In this case however I'm gathering that this is an engine level issue, in general Unity hasn't been a huge target since most game-code is run under C# (even if people might resort to unsafe for some things) and has basic memory safety from the language. It's a bad oversight in this case though.

[jfyi]

The relevance is bypassing the android application sandboxing of the game by other apps and running arbitrary code as the game. I suppose the relevance depends a lot on how much you are invested in your video game.

[sidewndr46]

how does one cut corners on Valgrind? It's a free tool from what I understand.

[Sohcahtoa82]

I interpreted the comment as meaning cutting corners by not using Valgrind.

[sidewndr46]

That at least makes slightly more sense, thanks.

[kelsey98765431]

by not using it.