Skip to main content

Valve patched decade-old bug that hackers could exploit to take over Steam users' PCs

posted onJune 3, 2018
by l33tdawg

A critical bug, which has existed for at least 10 years in the Steam client, could have allowed attackers to remotely execute malicious code in “all 15 million active clients.” Put another way by Motherboard, 125 million Steam gamers were vulnerable to attacks in which attackers could have remotely controlled their machines.

While Valve did patch the massive vulnerability, Tom Court, a security researcher at Context Information Security, released the details about the remote code execution (RCE) bug that affected all versions of the Steam gaming client.

According to Court, it was “a very simple bug, made relatively straightforward to exploit due to a lack of modern exploit protections.” The flaw was a “heap corruption within the Steam client library that could be remotely triggered.” The Steam client communicated via its Steam protocol delivered on top of UDP (User Datagram Protocol) packets. Court determined that an attacker needed only to send malformed UDP packets to a gamer’s Steam client to trigger the flaw and then run malicious code on his or her computer.

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th