
Security Notification - Unity Editor

Discussion in 'Editor & General Support' started by Marc-Saubion, Mar 4, 2019.

  1. Marc-Saubion

    Hi everyone.

    I just received an email from Unity inviting me to install some patch following "a Remote Code Execution flaw in the Unity Editor".

    I don't find anything about it on the web and am surprised since I was told to update to 2018.3.7 that same day.

    Does anybody know anything about this?

    Thanks
     
  2. Joe-Censored

    https://unity3d.com/security?utm_ca..._medium=email&utm_source=Eloqua#CVE-2019-9197

    There is a security issue with the "Open in Unity" from web browser functionality on Windows versions of the editor. To secure yourself from the vulnerability you can update Unity to one of the just released versions with the fix, or use another tool they provide to just disable that feature for older versions of Unity. The issue affects only the editor, not the builds you create.
     
  3. Marc-Saubion

    Thanks for the confirmation @Joe-Censored, I'll deal with that. :)
     
  4. Joe-Censored

    I was surprised to see even 5.6 got a new release for this. Official support for 5.6 ended almost a year ago, so they are really going out of their way here.
     
  5. Mauri

    Well, we're talking about a security flaw here and there are still people using 5.6 for whatever reason. General support may have ended, but that doesn't count for serious issues.
     
  6. Joe-Censored

    Yeah but 4.x has the same flaw, but no patch released, and the affected feature is so trivial I'm surprised the 5.6 solution isn't just to disable it using the migration tool. I don't recall ever actually using this feature of Unity myself.