Details of a critical vulnerability in the Unity Web Player plug-in have recently been discovered. The gaming plug-in, said to be installed in over 200 million computers globally, allows attackers to steal data residing in websites where users are logged into.
Jouko Pynnönen, the researcher and analyst behind the advisory, disclosed that the flaw can potentially let a malicious Unity-based application to circumvent normal cross-domain policies and grants access to any website using the user's credentials. It is also reported that this could then lead to the unauthorized download of private messages from a user’s Gmail or Facebook accounts and transmit it to an attacker. Furthermore, once exploited on the Internet Explorer browser, it could also be used to sift through the local files on a user’s hard disk.
The plug-in under scrutiny is created by Unity Technologies. Together with its game engine, the Unity Web Player is popularly used to develop games designed for Windows- and Mac OS X-run machines and mobile devices. In fact, Facebook has shown support for Unity and openly endorsed the plug-in.
Pynnönen’s detailed report notes that the Unity Web Player plug-in usually employs normal cross-domain policies wherein an application running on a website visited by the user is limited to resources on the same website. It means it will not be granted access to other websites or local file system.
The discovered vulnerability, however, empowers a malicious app or a script to lure the web player into permitting requests made toward other domains instead of denying it. The researcher detailed how a “specially-formatted URL in an HTTP redirection” can be devised to evade said limitations.
With this vulnerability, an attacker can easily trick an unknowing victim into visiting a malicious Unity-based application or even a Facebook game. When the victim launches the app, the attackers will then be granted access to victim’s online accounts.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.