Valve Patches Security Bug That Existed in Steam Client for the Past Ten Years (bleepingcomputer.com)

Posted by msmash on Thursday May 31, 2018 @05:30AM from the better-late-than-never dept.

Valve developers have recently patched a severe security flaw that affected all versions of the Steam gaming client released in the past ten years. From a report: According to Tom Court, a security researcher with Context Information Security, the one who discovered the flaw, the vulnerability would have allowed an attacker to execute malicious code on any of Steam's 15 million gaming clients. In the jargon of security researchers, this is a remote code execution (RCE) flaw because exploitation was possible via network requests, without needing access to the victim's computer. Court says an attacker was only required to send malformed UDP packets to a target's Steam client, which would have triggered the bug and allowed him to run malicious code on the target's PC.

2 of 77 comments (clear)

Min score:

Reason:

Sort:

This steams me!!! by Bodhammer · 2018-05-31 05:37 · Score: 4, Funny

First post! Yeah!

--
"I say we take off, nuke the site from orbit. It's the only way to be sure."
Re:By design, not a bug by Pinky's+Brain · 2018-05-31 06:24 · Score: 3, Funny

To paraphrase Sadiq Khan, buffer overflows are part and parcel of programming in C(++).