Valve has exposed all of Steam's massive 125-million-strong PC gaming community to a remote code execution (RCE) vulnerability that has only now been discovered, after 10 years.
Tom Court, a security researcher at Contextis, said that while the bug was bad, it is now fixed. Court explained: "The keen-eyed, security conscious PC gamers amongst you may have noticed that Valve released a new update to the Steam client in recent weeks. This bug could have been used as the basis for a highly reliable exploit. This was a very simple bug, made relatively straightforward to exploit due to a lack of modern exploit protections".
Steam was vulnerable because of a heap corruption bug within the Steam client library that could have been triggered remotely. An attacker who did so would have full control of the PC in question, which, as you can imagine, wouldn't be good.
Court said that this vulnerability had been in the Steam client for at least the last 10 years, and could have seen all 15 million active gamers hit. Court added: "The fact that such a simple bug with such serious consequences has existed in such a popular software platform for so many years may be surprising to find in 2018 and should serve as encouragement to all vulnerability researchers to find and report more of them!"
Valve was quick to fix the issue: it was fixed within 12 hours of the company being notified of the bug.