Like many, Unity has been working around the clock to determine the extent of the remote code execution vulnerability in the commonly used Java library, “log4j.” As any application or service that uses an affected version of this library is potentially subject to exploitation, Unity continues to investigate all products and services for the vulnerability.
At the time of this publishing, Unity has found no evidence of a breach or exploit against Unity systems using log4j vulnerability, therefore we believe there has been no loss of customer data or intellectual property nor any loss of Unity data or intellectual property or that of any of Unity’s partners.
Below is a confirmed list of the unaffected products. Any products that were affected have been patched to a safe version (>=2.16.0) by the time this advisory was published. This means there are currently no known affected products, but Unity will continue to update the list as part of our existing secure software development lifecycle.