[mzajc]

> This vulnerability allows malicious intents to control command line arguments passed to Unity applications, enabling attackers to load arbitrary shared libraries (.so files) and execute malicious code, depending on the platform.

Aren't intents an Android-only thing? I'm not sure adding "depending on the platform" makes sense when the exploit only works on a single platform.

[Karliss]

The biggest impact is for Android. The official advisory from Unity https://unity.com/security/sept-2025-01 lists that for desktop platforms it's more of privilege escalation instead of code execution.

On windows if the game has been registered as custom URL scheme handler it opens ways for triggering it without ability to pass custom CLI arguments.

On macOS as part of application signing macOS apps also contain permission manifest. So in theory if a user runs a malicious app (which for some reason is properly signed but with limited permissions) it could leverage a vulnerable game to run in the context of slightly more permissions but still as the same user.

On Linux in most cases anyone able to pass cli arguments could also run code directly with same privileges. I guess if the game executable was marked as setuid. That seems unlikely.

[zZorgz]

For macOS:

Applications may have permission to access files/services that other apps and even root (I believe) would need user-prompt access to, gated by TCC (potentially including sandboxed game’s data).

Code signed games that opt into enabling library validation should prevent the issue of loading arbitrary code, however many games likely don’t do this.

https://unity.com/security/sept-2025-01/remediation explains these details fairly well in macOS section