Steam bug found after 10 years, 125 million gamers exposed

Every single Steam user vulnerable to bug that was just found, after 10 years.

1 minute & 2 seconds read time

Valve has exposed all of Steam's massive 125 million strong PC gaming community to a remote code execution (RCE) vulnerability, which was only just discovered now after 10 years.

Tom Court, a security researcher at Contextis said that while the bug was bad, it is now fixed. Court explained: "The keen-eyed, security conscious PC gamers amongst you may have noticed that Valve released a new update to the Steam client in recent weeks. This bug could have been used as the basis for a highly reliable exploit. This was a very simple bug, made relatively straightforward to exploit due to a lack of modern exploit protections".

Steam was vulnerable because of a heap corruption within the Steam client library that could have been remotely activated. If hackers did this, they would have full control to the PC in question, which as you can imagine... wouldn't be good.

Court said that this vulnerability was in the Steam client for the last 10 years at least, and could've seen all 15 million active gamers hit. Court added: "The fact that such a simple bug with such serious consequences has existed in such a popular software platform for so many years may be surprising to find in 2018 and should serve as encouragement to all vulnerability researchers to find and report more of them!"

Valve were quick to fix the issue, where after they were notified of the bug, it was fixed within 12 hours.

Steam bug found after 10 years, 125 million gamers exposed |

Anthony joined the TweakTown team in 2010 and has since reviewed 100s of graphics cards. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.

Newsletter Subscription

Related Tags