Overview: Unity vulnerability prompts precautionary removals
In October 2025, Unity Technologies disclosed a critical security vulnerability affecting applications built with Unity 2017.1 and later. The issue could potentially affect Android, Windows, macOS, and Linux builds, prompting a cautious response from platform holders and developers alike. While there have been no confirmed exploits or user-impact reports to date, the breadth of affected platforms led Microsoft to take protective steps: temporarily removing certain Unity-powered titles from its digital storefront while patches are prepared.
Microsoft explained that it will roll out updates for its own products that rely on Unity and urged users to avoid downloading or reinstalling affected titles until they are patched. In the interim, the company noted that the store may block downloads for some titles to ensure users receive the corrected builds as soon as they are available. The goal is to minimize risk while maintaining access to the broader library of Unity-powered games and apps once safe versions are released.
Affected titles and the scope of the response
The list of public targets spans a mix of games and companion apps, including both well-known franchises and smaller experiences. The titles reported as affected include:
- Avowed Artbook
- DOOM: The Dark Ages Companion App
- Fallout Shelter
- Ghostwire: Tokyo Prelude
- Grounded 2 Artbook
- Hearthstone
- すすめ!じでんしゃナイツ
- Pillars of Eternity II: Deadfire
- Starfield Companion App
- The Bard’s Tale Trilogy
- The Elder Scrolls IV: Oblivion Remastered Companion App
- The Elder Scrolls: Blades
- The Elder Scrolls: Castles
- Warcraft Rumble
- Wasteland 3
- Wasteland Remastered
Some titles have already received updates, such as Knights and Bikes, which demonstrates that publishers and stores can push patches independently of the broader platform. Conversely, other entries like Fallout Shelter, Wasteland 3, and The Elder Scrolls: Blades have faced temporary unavailability on some storefronts, with players reporting limited access on Steam or Google Play in certain regions.
What this means for players and developers
From a player perspective, the immediate concern is safeguarding accounts and devices while patches are prepared. Microsoft’s guidance to uninstall affected builds until updates are deployed aligns with standard security practices: reduce exposure by limiting installation of potentially vulnerable software. When patches become available, users can re-download through the store, now with the vulnerability mitigated by the Unity update.
For developers, the situation underscores the importance of timely security responses and clear communication with distribution platforms. Unity Technologies has indicated that fixes are in progress and that the vulnerability affects Unity 2017.1 onwards. Studios relying on Unity should monitor both Unity’s security advisories and the storefronts for patch deployments, especially for titles with companion apps or digital art assets tied to Unity content.
Context on Avowed, Obsidian, and related items
Although not all Unity-based products are core to a game’s engine, some assets and add-ons like artbooks or companion apps can be built with Unity. For example, Avowed’s digital artbook is Unity-powered, which is why it appears on the affected list despite the main game not using Unity. Obsidian Entertainment has clarified that Pentiment, another recent title, is not listed as affected. The situation highlights how ecosystem-wide vulnerabilities can ripple through ancillary content and distribution channels even when the primary game code remains unaffected.
Moving forward: monitoring and practical steps
Microsoft and Unity will continue to deliver updates and, ideally, resume normal storefront operations as patches are deployed. Until then, players should watch for official notices, back up save data where appropriate, and avoid installing or re-downloading affected titles until the patches are confirmed live. The broader gaming community should anticipate more detailed patch timelines and potential regional availability changes as updates are rolled out across platforms.
Bottom line
The Unity vulnerability has catalyzed a cautious, staged response from Microsoft, prioritizing user safety while developers work to patch affected builds. The situation illustrates how security concerns can affect not just a game’s core code but also associated content and distribution, prompting temporary removals and careful communication until safe versions are available.
