![]() ![]() However, the Finnish researcher found an inherent vulnerability that could allow a malicious app or script to trick the Unity Web Player into allowing requests to be made toward other websites. Normally, the cross-domain policy is tasked to prevent a Unity-based web application that’s loaded on any domain (an online game on Facebook for example), from accessing data, content or resources from other websites. This was done in order to access websites with credentials (login and user data) of the browser used logged in. Games that are based in the Unity Engine are used by over 600 million gamers around the world.Ī security researcher from Finland, Jouko Pynnönen claimed to find a means to bypass and circumvent the cross-domain policy in use by the plug-in.The technology serves to and is used by over 700,000 active developers on a monthly basis.The Unity Web Player was installed on over 200 million computers, even as of March 2013.The technology is also endorsed by Facebook in a huge way, with a software development toolkit on offer for streamlining and integrating Unity-based games along with Facebook’s features.Īccording to numbers taken from Unity Technologies: The technology and the gaming engine is a particular favorite among web developers due to its near universal compatibility over different domains. The Unity Web Player plugin is also located in all popular, main-stream browsers such as Chrome, Internet Explorer, Safari, Firefox and Opera. These include desktop, mobile and gaming platforms and frameworks. This web player is installed within browsers to display and run content that’s based on Unity-based Web applications.ĭevelopers and gaming companies are empowered to create 3D content through the popular Unity engine which works across various platforms. The flaw in the plug-in which is still in the process of being patched presently, is located within the Unity Web Player. The plug-in, created by Unity technologies is used among hundreds of thousands of game designers and web developers to produce interactive 3D content and more commonly, to create online games. This affects websites which offer web mail as well as social media and networking accounts. A gaming plugin installed in over 200 million computers contains a critical flaw that enables attackers to steal user data directly from the websites they’re logged into, according to a security researcher. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |