Pressure Grows on Valve to Unplug Steam Gaming Platform Vulnerabilities

Steam gaming platform
Share It On:

18th April 2021, Kathmandu

Stress is rising on video games writer Valve after two units of safety researchers got here ahead with complaints that it has been sluggish at resolving safety flaws in its widespread Steam platform.

A seemingly important Steam supply engine vulnerability found by ‘Florian’, a member of reverse engineering group Secret Club, and the relationship from 2019 is alleged to stay unresolved – a lot to the consternation of the person concerned and his safety analysis colleagues.

Florian reported the flaw to Valve by means of a bug bounty program run by HackerOne, however regardless of a number of makes an attempt to chase the difficulty no motion has been taken, despite the fact that the safety flaw was “verified/triaged after a few months”, in keeping with the bug hunter.

Secret Membership aired its frustration in a Twitter update over the weekend: “Two years in the past, Secret Membership member @floesen_ reported a distant code execution (RCE) flaw affecting all supply engine video games.

“It can be triggered through a Steam invite,” the group added. “This has yet to be patched, and Valve is preventing us from publicly disclosing it.”

A tracker for the issue – CVE-2021-30481 – was been added to NIST’s National Vulnerability database on Monday (April 12).

“Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click,” the entry states. Launched in 2003, Steam is the world’s most popular video game distribution service, taking up to 75% of the global market share and attracting around 20 million gamers each day.

Chris Boyd, a security researcher with Malwarebytes and keen gamer who has spent years researching the security of various gaming platforms, had no direct knowledge of the vulnerabilities in play but did say he’s been able to get Valve/Steam to fix directly reported flaws in the past.

“I’ve reported several issues to Steam down the years and they were addressed very quickly, such as a method used by phishers to bypass Steam Guard protection,” Boyd told The Daily Swig.

“However, these were not reported via bug bounty programs and were likely not as complex to resolve as the current issues.”

“With so many titles using the source engine, it may take a while longer yet to test and address without potentially breaking essential functionality in some games,” he added.


Share It On:

Recent Posts

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and Banking Stability

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and

Share It On:23rd November 2024, Kathmandu Nepal’s Central Bank, Nepal Rastra Bank (NRB), has announced a significant investment of NPR

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural Development

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural

Share It On: 23rd November 2024, Kathmandu The Agricultural Development Bank (ADB) is recognized as a vital institution for Nepal’s

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future Outlook

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future

Share It On: 23rd November 2024, Kathmandu Ridi Power Company Limited wrapped up its annual shareholder meeting, the 23rd Annual

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender In Nepal

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender

Share It On: 22nd November 2024, Kathmandu A significant step has been taken towards strengthening financial ties between Nepal and

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November