January 2023 Security Update Advisory
Overview
The Unity Editor, when importing FBX or SketchUp associated file types, is affected by memory corruption vulnerabilities which could lead to remote code execution.
The updated version of the Unity Editor includes the latest version of the Autodesk FBX SDK and SketchUp SDK security patches.
CVE ID: Multiple, see advisories for more details:
ADSK-SA-2022-0022[1]
ADSK-SA-2021-0001[2]
Type: Remote Code Execution
Discovered: 2022/10/03
Discovered By: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
Patch Availability: 1/30/2023
Affected Operating System: All supported platforms
Affected Versions: All
Severity: High
Patch Versions:
2023.1.0a26
2022.2.3f1
2021.3.17f1
2020.3.44f1
If your version of the Unity Editor is not one of the listed versions, or higher, in the Patch Versions of the Vulnerability Details section, please update to the latest version available.You can view the current version and check for updates using “Check for Updates” feature in the Unity Editor as described in Manual: Check For Updates for your Unity Editor version.