rafram 3 days ago

Wow, allowing remote execution of a bytecode language that directly operates on system resources is a bit terrifying. This can’t be the only Unity API that wasn’t designed to be secure when called by untrusted code from the internet.

1
khangaroo 3 days ago

Absolutely. The other exploit I wrote from two years ago that I alluded to in the post involved a vulnerability in a completely different component. That one abused a (presumably decades-old) heap overflow in the S3M tracker module format in the FMOD audio library built into Unity. I think there isn't nearly enough serious vulnerability research into games outside of cheater groups.

As a side note, that S3M vuln was a massive pain because the chain of responsibility was even longer. That's why I lost a good chunk of the writeup for that before it was safe to publish it.