Security Research for Games

We provide security analysis and research for the under-represented gaming industry, be they operated by corporations, small companies, or individuals.

News

News from the Front Lines

• GVID-2021-0002: Unity3D AssetBundle Corruption CrashDecember 12, 2021
  Title: Unity3D AssetBundle Corruption CrashAdvisory ID: GVID-2021-0002Allocation Date: July 2nd, 2021Publication Date: December 12th, 2021Update Date: May 17th, 2022Publication URL: https://vidyasec.org/2021/12/12/gvid-2021-0002-unity3d-assetbundle-corruption-crash/ Vulnerability Details Affected Vendor: Unity TechnologiesAffected Product: Unity3D (incl. Pro)Affected Versions: 2018.4.20f1, 2019.4.29f1 LTS, 2020.3.13f1 LTS, probably more.Platform: WindowsCWE Classification: CWE-20: Improper Input ValidationCVE ID: N/AUnity Security Case Number: 1747 Product Description Unity3D isContinue reading “GVID-2021-0002: Unity3D AssetBundle Corruption Crash”
• ADVISORY: Photon Event 6 Lagger PoC Plugin Open-Sourced (VRChat)September 12, 2021
  A user on GitHub has open-sourced a plugin demonstrating the use of the Photon Event 6 issue in VRChat in order to cause a denial of service in instances. This issue has been reported to VRChat by multiple parties, with no fix in sight. According to an older commit where a README was present, thisContinue reading “ADVISORY: Photon Event 6 Lagger PoC Plugin Open-Sourced (VRChat)”
• Hello WorldMay 27, 2021
  All right, we’re finally online. Our initial focus will be on VRChat vulnerabilities due to personal preferences, but you are welcome to send us anything else you find. Our contact information is here. Please let us know if we missed anything. Thanks.

Help Out

We’re small, so we don’t have a ton of manpower. If you want to help out, feel free to send in your vulnerabilities, and we’ll help disclose them.