What are you looking for?

January 2023 Security Update Advisory

Overview

The Unity Editor, when importing FBX or SketchUp associated file types, is affected by memory corruption vulnerabilities which could lead to remote code execution.

The updated version of the Unity Editor includes the latest version of the Autodesk FBX SDK and SketchUp SDK security patches.

Vulnerability Details

CVE ID: Multiple, see advisories for more details:

ADSK-SA-2022-0022[1]
ADSK-SA-2021-0001[2]

Type: Remote Code Execution

Discovered: 2022/10/03

Discovered By: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Patch Availability: 1/30/2023

Affected Operating System: All supported platforms

Affected Versions: All

Severity: High

Patch Versions:

2023.1.0a26

2022.2.3f1

2021.3.17f1

2020.3.44f1

Remediation Steps

If your version of the Unity Editor is not one of the listed versions, or higher, in the Patch Versions of the Vulnerability Details section, please update to the latest version available.You can view the current version and check for updates using “Check for Updates” feature in the Unity Editor as described in Manual: Check For Updates for your Unity Editor version.

Frequently asked questions

What type of vulnerability was addressed in this update?

+

What platforms are affected?

+

What versions of the Editor are being patched?

+
References