Pressure Grows on Valve to Unplug Steam Gaming Platform Vulnerabilities

Steam gaming platform
Share It On:

18th April 2021, Kathmandu

Stress is rising on video games writer Valve after two units of safety researchers got here ahead with complaints that it has been sluggish at resolving safety flaws in its widespread Steam platform.

A seemingly important Steam supply engine vulnerability found by ‘Florian’, a member of reverse engineering group Secret Club, and the relationship from 2019 is alleged to stay unresolved – a lot to the consternation of the person concerned and his safety analysis colleagues.

Florian reported the flaw to Valve by means of a bug bounty program run by HackerOne, however regardless of a number of makes an attempt to chase the difficulty no motion has been taken, despite the fact that the safety flaw was “verified/triaged after a few months”, in keeping with the bug hunter.

Secret Membership aired its frustration in a Twitter update over the weekend: “Two years in the past, Secret Membership member @floesen_ reported a distant code execution (RCE) flaw affecting all supply engine video games.

“It can be triggered through a Steam invite,” the group added. “This has yet to be patched, and Valve is preventing us from publicly disclosing it.”

A tracker for the issue – CVE-2021-30481 – was been added to NIST’s National Vulnerability database on Monday (April 12).

“Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click,” the entry states. Launched in 2003, Steam is the world’s most popular video game distribution service, taking up to 75% of the global market share and attracting around 20 million gamers each day.

Chris Boyd, a security researcher with Malwarebytes and keen gamer who has spent years researching the security of various gaming platforms, had no direct knowledge of the vulnerabilities in play but did say he’s been able to get Valve/Steam to fix directly reported flaws in the past.

“I’ve reported several issues to Steam down the years and they were addressed very quickly, such as a method used by phishers to bypass Steam Guard protection,” Boyd told The Daily Swig.

“However, these were not reported via bug bounty programs and were likely not as complex to resolve as the current issues.”

“With so many titles using the source engine, it may take a while longer yet to test and address without potentially breaking essential functionality in some games,” he added.


Share It On:

Recent Posts

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights, and Fuel Efficiency Showcase

Bajaj Platina Mileage Champion 2024: Dhangadhi Event Winners, Performance Highlights,

Share It On: 25th December 2024, Kathmandu The ‘Bajaj Mileage Champion’ event took place in Dhangadhi, Kailali, where local riders

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s Startup Ecosystem

inDrive Partners with ICT Award 2024, Supports Innovation in Nepal’s

Share It On:25th December 2024, kathmandu inDrive a global mobility and urban services platform, is proud to announce the winner of

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Citizens Bank Easy Dental Partnership: Exclusive Discounts for Customers

Share It On: 25th December 2024, Kathmandu Citizens Bank International Ltd. has entered into a partnership with Easy Dental Pvt.

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates & Easy Loan Approval

Bajaj Motorcycle Finance Fair 2024 in Nepal: Low Interest Rates

Share It On:25th December 2024, Kathmandu Hansraj Hulaschand & Company Pvt. Ltd., the official dealer of Bajaj Motorcycles in Nepal,

Daraz Nepal 1.1 Sale Offers Free Delivery, Up to 70% Off, and Exclusive Vouchers

Daraz Nepal 1.1 Sale Offers Free Delivery, Up to 70%

Share It On:25th December 2024, Kathmandu Daraz, the leading e-commerce platform in Nepal, is kicking off the New Year with

PhonePe Launches ‘Net Set Go’ Campaign: Win One Year of Free Internet

PhonePe Launches ‘Net Set Go’ Campaign: Win One Year of

Share It On:25th December 2024, Kathmandu PhonePe, the mobile banking app, has launched the ‘Net Set Go’ campaign in Nepal.