On August 13th a critical Remote Code Execution flaw was discovered in the Unity editor, opening users of the Unity editor up to external threat. Today they have released a security patch for several different versions of Unity available for download here. The exploit is apparently only for Windows platform, so even though a Mac patch is available for download, it does nothing. Details of the exploit have not been released yet.
Further information from the email sent to users:
Unity has identified a Remote Code Execution flaw in the Editor and we’re rolling out a critical security patch to remediate this issue.
You can select your Unity version and find the appropriate patch with instructions at https://unity3d.com/security.
As a part of our commitment to Responsible Disclosure, we will release more details about the vulnerability once all of our users have been given time to patch.
If you have any questions, please don’t hesitate to contact our Customer Service team at [email protected].