GameSpot may receive revenue from affiliate and advertising partnerships for sharing this content and from purchases through links.

Steam Users Were Vulnerable To A Serious Exploit For A Decade

Long life for a bug.

By on

22 Comments

Steam has millions of active users. That's a staggeringly large amount of people to be left vulnerable to cyber attacks for a decade.

And yet, that's exactly what happened. There's been an exploitable bug – which has since been addressed – in Steam for the past 10 years, and any hacker that took advantage of it would have been able to invade the computers of any Steam user. This bug was first written about by Tom Court, a security researcher at Contextis. According to Court, any hacker with the right technical know-how could have used the bug to execute code on another person's machine, and then used the intrusion to seize full control of the victim's computer.

Click To Unmute
  1. The Terminator Operator Bundle | Call of Duty: Warzone & Black Ops 6
  2. The Sims 4 Businesses & Hobbies Expansion Pack | Official Reveal Trailer
  3. Apex Legends: Takeover Gameplay Trailer
  4. Capcom Fighting Collection 2 | First-ever Hands-on | 30 mins of CVS2, SFA3, Project Justice
  5. Like a Dragon: Pirate Yakuza in Hawaii | Story Trailer
  6. Space Marine 2 - Datavault Update Overview Trailer
  7. Resident Evil 4 Adds Mercenaries and Microtransactions | GameSpot News
  8. Fallout: New Vegas 2 Rumors Explained | GameSpot
  9. April Xbox Game Pass Games Revealed | GameSpot News
  10. Over 15 Free Games To Claim In April | GameSpot News
  11. New Witcher Game Plans Have Changed | GameSpot News
  12. Elden Ring Death Count Revealed | GameSpot News

Want us to remember this setting for all your devices?

Sign up or Sign in now!

Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
00:00:00
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

Now Playing: Apple Blocks Valve's New Steam Link App From iOS Release - GS News Update

Valve first dealt with the bug in July 2017. The company implemented an address space layout randomization update in the Steam desktop client, making it much more difficult for hackers to exploit the bug. Valve then completely patched away the vulnerability this past April.

Court referred to the bug as "relatively straightforward to exploit," but added that Valve probably didn't patch it sooner because the company didn't think it needed to. "The vulnerable code was probably very old," Court wrote, "but as it was otherwise in good working order, the developers likely saw no reason to go near it or update their build scripts."

This has been a difficult couple of weeks for Valve already. The company recently revealed that Apple announced its decision to block Valve's app from releasing on the iOS App Store.

Got a news tip or want to contact us directly? Email news@gamespot.com

Valve Software
PC
Join the conversation
There are 22 comments about this story
Load Comments (22)