January 2023 Security Update Advisory


The Unity Editor, when importing FBX or SketchUp associated file types, is affected by memory corruption vulnerabilities which could lead to remote code execution.

The updated version of the Unity Editor includes the latest version of the Autodesk FBX SDK and SketchUp SDK security patches.

Vulnerability Details

CVE ID: Multiple, see advisories for more details:


Type: Remote Code Execution

Discovered: 2022/10/03

Discovered By: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative

Patch Availability: 1/30/2023

Affected Operating System: All supported platforms

Affected Versions: All

Severity: High

Patch Versions: 

  • 2023.1.0a26
  • 2022.2.3f1
  • 2021.3.17f1
  • 2020.3.44f1

Remediation Steps

If your version of the Unity Editor is not one of the listed versions, or higher, in the Patch Versions of the Vulnerability Details section, please update to the latest version available.You can view the current version and check for updates using “Check for Updates” feature in the Unity Editor as described in Manual: Check For Updates for your Unity Editor version.

Frequently asked questions

What type of vulnerability was addressed in this update?

Memory corruption issues were identified that could lead to Remote Code Execution (RCE) and/or Denial-of-Service (DoS).

What platforms are affected?

All platforms for the Unity Editor are affected.

What versions of the Editor are being patched?

We have released a patch for Long Term Support (LTS) and Pre-release (Alpha and Beta) versions. All future versions will contain the update as well.

我们使用 Cookie 来确保为您提供网站的最佳体验。有关更多信息,请访问我们的 Cookie 政策页面