Lee Caller

Autodesk Maya Security Vulnerability

May 22, 2020

Looks like some nasty people have decided to make June 27th 2020 a bad day for users of Autodesk Maya.

A note from Turbosquid reports that:

"On May20, Autodesk announced a recent discovery of a malicious script in Maya that gets stored in a user's local settings upon opening and will infect any other file saved from that instance of Maya. This infection can initially show up as some odd interactivity, but appears to have a trigger on June 27 that will basically disrupt the user's ability to use the Maya interface."

It's also mentioned here as an Autodesk Security advisory. The good news is there's a plugin available from Autodesk's own app store (for free) that'll scan scenes as you open/import them (or you can direct Maya to scan a specific scene). You can grab it from here (external link to Autodesk). All pretty painless - run the download, open up Maya (2015 to 2020, so you may need to repeat this multiple times for each version), head over to the Plugin Manager (Windows > Settings and Preferences > Plugin Manager), scroll down looking for the entries under a section that mentions "MayaSecurityTools" as part of the path name and tick everything.

You'll get the option to view a help document (PDF) on install (recommended) - it'll also have the same PDF held on your machine (do a search for "MayaScanner.pdf" to find it).