Unity only reached out to the expert on Wednesday, after he disclosed the existence of the vulnerability. Pynnönen said he attempted to notify Unity Technologies of the vulnerability back in December 2014, but the company didn’t respond to his messages sent via email and the website contact form. Unity Web Player users can verify if they are affected by the vulnerability by accessing the test app while being logged in to their Google account. The researcher has published a video and a poof-of-concept (PoC) application that demonstrate the existence of the vulnerability. Attacks against Chrome 42 users are difficult to pull off because starting with this version Google disabled support for the Netscape Plugin API (NPAPI) which is used by Unity Web Player. In the case of Internet Explorer, the bug can be exploited to read files from the targeted user's hard drive. Pynnönen told SecurityWeek that he successfully reproduced the vulnerability in Chrome, Firefox, Safari (on OS X), and Internet Explorer. For the attack to work, the victim must be authenticated on the targeted service, the researcher said. Once launched, the malicious app can access private information from the victim’s other online services (e.g. However, Unity Web Player allows the redirect because it erroneously bases its evaluation on the user:password part of the URL which is identical in both URLs (‘x:y’).”Īn attacker can exploit the vulnerability by setting up a malicious Unity application online and tricking users into accessing it. “The redirect should be denied because it points to a different domain. ‘ /redirector’ which could return a HTTP redirect status code (301, 302, 307) and a Location: header pointing at ‘ /’,” the researcher explained. A malicious app loaded from ‘ ’ could access an URL from e.g. “A specially formatted URL in a HTTP redirection can be used to bypass these restrictions. However, the restriction can be bypassed. The plugin is installed by hundreds of millions of users.įinnish researcher Jouko Pynnönen of Klikki Oy, who has uncovered serious vulnerabilities in numerous popular plugins over the past period, says the Unity Web Player plugin is plagued by a cross-domain policy bypass vulnerability that allows malicious web applications built with Unity to steal information from other websites.Īccording to the expert, the Unity Web Player plugin implements cross-domain policies to prevent a web application from accessing resources on other websites or the file system. Unity Web Player is a plugin designed to allow users to view 3D content created with Unity directly in their browsers. The company says there are roughly 4.5 million registered developers that use Unity to create games, which are played by 600 million gamers worldwide. Unity is a cross-platform game engine developed by Unity Technologies. A serious vulnerability in Unity Web Player can be exploited by malicious actors to steal sensitive information from users, a researcher has warned.
0 Comments
Leave a Reply. |