Cav's Place

The recently revealed vulnerability of the Unity game engine, which had apparently existed since 2017 but doesn’t seem to have been exploited yet, just underlines another problem caused by so many games using these generic engines. Admittedly, I’m surprised by how rare security vulnerabilities seem to be, and I actually don’t recall seeing anything about any other notable ones, but when something like this affects tens of thousands of games, if not even more, it just takes one, and someone quick to exploit it, especially since games, at least legally-owned ones, aren’t something that people generally take into account as a potential entry point for malware, and some may do things as part of their normal operation that trigger behavioral alerts from security software, at least in case of stricter settings, so people may be more likely to dismiss such alerts than they’d be in case of other software.
Considering the number of games that use the affected versions and how many of them may well be abandoned by their developers or delisted from stores, or how many are small indies or freeware titles that weren’t obtained from stores in the first place, if each affected game would need to be patched by the developer, this would be a complete disaster. Fortunately, the remediation guide and tool can be used to patch installed games directly in many cases, the exceptions being games that use anti-tamper or anti-cheat solutions, which will obviously detect that something was changed, and the fact that the tool wasn’t released for Linux, which is a highly questionable decision from where I’m standing. It still means that installers that aren’t patched by the developers or stores will remain vulnerable and people will need to remember to patch them manually if they’ll install them at a later time, but it should work… Unless the game is one of those that’s broken by the patch, since the guide mentions the possibility. And, since the patch requires a connection, there may also be serious questions about what data is gathered and sent.
Of course, the real risk generated by this vulnerabilty for a regular user is likely to be low, at least for legally-obtained games, and at least in terms of privacy Unity is a threat in itself, when working as intended. Plus that, as is the case with pretty much all generic game engines, it’s not optimized and results in outrageously high system requirements and poor performance compared to what the graphics and features of the games that use it should actually require, and that’s in fact the first reason why the use of such engines has such a negative impact on gaming in general, at least for those with weaker computers. Admittedly, it has a major positive impact on the number of games that are created, considering all the small indie, even solitary, developers who couldn’t create their own engine, or who’d need to redirect many of the resources that they can now put into creating the game itself if they would need to do that, so the overall impact on gaming is open for debate… But I for one would prefer engines to still be mostly custom, maybe shared between several games by the same developer, maybe occasionally licensed on a case by case basis to a few others, but not this one-size-fits-all thing that also leads to one-problem-affects-all, whatever that problem may be.