This week, University of New Haven researchers released details about a serious vulnerability in a popular PC VR application called BigScreen VR. The flaw not only allows an attacker to potentially eaves drop on you and your friends while you think you are in a private VR space, but it could even allow attackers to install arbitrary code (malware) onto your computer with no user interaction at all. The vulnerabilities also affect the Unity development platform, and perhaps are due to it. So this issue does affect Unity, and theoretically could affect other apps developed on that platform. The good news is there is a patch, and it was already applied server-side. This means Bigscreen users are already safe (no client update necessary). Watch today’s video for more details.
UPDATE:It turns out the BigScreen did not need a client side patch to fix this issue. It was fixed on the server-side, meaning you got the update fixing it by Feb. 14th, whether or not you updated the local BigScreen app.
Episode Runtime: 4:50
Direct YouTube Link: https://www.youtube.com/watch?v=XfAgQqPScBw
- University researcher’s post on the Bigscreen and Unity vulnerabilities – University of New Haven
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply