UPDATE, 5:45 PDT: Unity Technologies said it had identified the codepaths leading to the vulnerabilities and that it planned to release fixes on Friday. "Updates about progress on the release will be posted to our blog," the company said. It's main blog is
here.
ORIGINAL STORY:
A researcher is warning that a gaming plug-in installed on over 200 million PCs contains a flaw that could let attackers steal users’ data from websites they’re logged into, such as their Web mail and social networking accounts.
The technology in question, from Unity Technologies, is used by hundreds of thousands of developers to create online games and other interactive 3D content. The flaw, which the researcher says hasn’t been patched yet, is located in the Unity Web Player, a plug-in that needs to be installed inside browsers in order to display Unity-based Web apps.
Unity Technologies, based in San Francisco, didn’t immediately respond to a request for comment.
