Pressure Grows on Valve to Unplug Steam Gaming Platform Vulnerabilities

Steam gaming platform
Share It On:

18th April 2021, Kathmandu

Stress is rising on video games writer Valve after two units of safety researchers got here ahead with complaints that it has been sluggish at resolving safety flaws in its widespread Steam platform.

A seemingly important Steam supply engine vulnerability found by ‘Florian’, a member of reverse engineering group Secret Club, and the relationship from 2019 is alleged to stay unresolved – a lot to the consternation of the person concerned and his safety analysis colleagues.

Florian reported the flaw to Valve by means of a bug bounty program run by HackerOne, however regardless of a number of makes an attempt to chase the difficulty no motion has been taken, despite the fact that the safety flaw was “verified/triaged after a few months”, in keeping with the bug hunter.

Secret Membership aired its frustration in a Twitter update over the weekend: “Two years in the past, Secret Membership member @floesen_ reported a distant code execution (RCE) flaw affecting all supply engine video games.

“It can be triggered through a Steam invite,” the group added. “This has yet to be patched, and Valve is preventing us from publicly disclosing it.”

A tracker for the issue – CVE-2021-30481 – was been added to NIST’s National Vulnerability database on Monday (April 12).

“Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click,” the entry states. Launched in 2003, Steam is the world’s most popular video game distribution service, taking up to 75% of the global market share and attracting around 20 million gamers each day.

Chris Boyd, a security researcher with Malwarebytes and keen gamer who has spent years researching the security of various gaming platforms, had no direct knowledge of the vulnerabilities in play but did say he’s been able to get Valve/Steam to fix directly reported flaws in the past.

“I’ve reported several issues to Steam down the years and they were addressed very quickly, such as a method used by phishers to bypass Steam Guard protection,” Boyd told The Daily Swig.

“However, these were not reported via bug bounty programs and were likely not as complex to resolve as the current issues.”

“With so many titles using the source engine, it may take a while longer yet to test and address without potentially breaking essential functionality in some games,” he added.


Share It On:

Recent Posts

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Citizens Bank 11.11 Deals: Exclusive Discounts on Daraz

Share It On:5th November 2024, Kathmandu Citizens Bank International Limited signed an agreement with Nepal’s leading online marketplace, Daraz, to

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat Win CDU IT CodeFair CTF

Local Talent Shines in Cybersecurity: Bipu Ojha and Tuan Khuat

Share It On:5th November 2024, Kathmandu Bipu Ojha and his teammate Tuan Khuat have emerged as winners in the prestigious

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

CEDB Hydropower’s Extraordinary General Meeting Concluded: Five Directors Elected

Share It On: 5th November 2024, Kathmandu CEDB Hydropower Development Company Limited has successfully concluded its extraordinary general meeting. CEDB

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Government’s Journalist Accident Insurance Program: Apply Now For Your Protection

Share It On: 5th November, Kathmandu The Department of Information and Broadcasting has announced the launch of a new insurance

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For Growth

Nepal Life’s Property Acquisition in Hetauda: A Strategic Move For

Share It On:5th November, Kathmandu Nepal Life Insurance, a leading life insurance company in Nepal, has recently expanded its footprint

Global IME Dividend Announcement: Key Book Closure Date Revealed

Global IME Dividend Announcement: Key Book Closure Date Revealed

Share It On:5th November 2024, Kathmandu Global IME Bank has good news for its shareholders! The bank has announced a