On October 3, Unity issued an email alert to developers warning of a critical security vulnerability discovered in the engine’s Runtime code. The issue affects all Unity versions released since 2017.1, including the latest Unity 6. While no evidence of active exploitation has been found, the warning has prompted developers worldwide to assess and patch their games to ensure player safety.
A Major Vulnerability in One of Gaming’s Most Widely Used Engines
Originally released in 2005, the Unity Engine has powered countless popular titles, including Hollow Knight: Silksong, Subnautica, and Among Us. Its accessibility and flexibility have made it one of the most-used engines in the industry, spanning platforms from PC to mobile devices.
Although Unity’s reputation took a hit in 2023 following the controversial Runtime Fee plan, the company later reversed course in 2024, returning to a more traditional subscription model. The Unity Personal plan remains free for developers earning up to $200,000 annually.
Now, Unity finds itself back in the spotlight — but for more serious reasons. The newly discovered security flaw reportedly affects games built for Windows, Android, Linux, and macOS, exposing potential vulnerabilities in Unity’s Runtime environment that could allow attackers to extract sensitive data.
Unity stated that while no exploitation has been detected so far, it has already provided patches and security instructions to developers. Additionally, Microsoft Defender can identify and block the vulnerability on Windows, while Valve has implemented its own countermeasures through the Steam Client.
Obsidian Entertainment Temporarily Pulls Games
One of the first major studios to react was Obsidian Entertainment, which confirmed the temporary removal of several Unity-based titles — Grounded 2, Pentiment, Avowed, and Pillars of Eternity — from digital storefronts. The decision was made to protect players while developers implement and test Unity’s security fixes.
Obsidian did not provide a specific timeline for when the affected games would return but assured fans that the measure is temporary and necessary for player safety.
Meanwhile, other studios have already responded to the issue more rapidly. Titles like Among Us and Marvel Snap have released updates addressing the Unity security flaw, indicating that the patching process is well underway across the industry.
Industry-Wide Response Expected
With Unity powering thousands of active games across multiple platforms, the total number of affected titles remains unclear. Developers are urged to review Unity’s latest security advisories and apply the fixes immediately.
As the situation develops, players may see temporary game removals or patches being rolled out across different platforms. For now, Unity’s swift communication and collaboration with security partners have helped prevent a larger-scale crisis — but developers are not taking any chances.
Confirmed Games Temporarily Removed or Under Review
These titles have been delisted or temporarily removed while developers apply Unity’s security patch:
- Pentiment
- Fallout Shelter
- Wasteland Remastered
- Wasteland 3
- Pillars of Eternity II: Deadfire
- Knights and Bikes
- The Bard’s Tale Trilogy
- The Elder Scrolls: Blades
- The Elder Scrolls: Castles
- Hearthstone
- Warcraft Rumble
Obsidian Entertainment titles (temporarily pulled):
- Grounded 2 – Founders Edition / Founders Pack
- Avowed – Premium Edition / Premium Edition Upgrade
- Pillars of Eternity – Hero Edition / Definitive Edition
- Pillars of Eternity II: Deadfire / Deadfire Ultimate
- Pentiment
Additional removals include certain companion apps and digital artbooks such as Avowed Artbook, Starfield Companion App, and The Elder Scrolls IV: Oblivion Remastered Companion App, all built using Unity.
Games Already Patched or Updated
These games have received updates addressing the Unity Runtime vulnerability:
- Marvel Snap
- No Rest for the Wicked
- Ingress
- Fate/Grand Order
- Persona 5: The Phantom X
- Overcooked! 2
- Several indie games on Steam (identified via patch notes as “Unity Security Update”)
Summary
Any game developed with Unity 2017.1 or newer, across Windows, macOS, Linux, or Android, may be affected. While no known exploit has been detected, major studios have chosen to delist or patch their Unity-based games as a precaution until all versions are fully secured.
