Most likely, the vulnerability was not noticed because no one tried to use it.
Security researcher Tom Court of the company Context described how he helped Valve eliminate a vulnerability in Steam. According to experts, this flaw has existed for about 10 years and allows attackers to gain full control over victims' computers.
The digital distribution platform Steam has existed since 2003, and although it is constantly modified, many elements of its code are obsolete. About a year ago, Valve built modern exploit protection mechanisms into Steam, which partially fixed the vulnerability that had existed for about 10 years before that. As a result of Valve's actions, it became impossible to directly take over a victim's computer through the flaw; it could only be used to crash the client. The vulnerability could also be used as part of more complex attacks.
The Context employee informed Steam about the vulnerability on 20 February this year. “Valve found out about the breach from an email sent to the security team of the platform… After 8 hours the fix appeared in the beta branch of the Steam client,” said Court. He stressed that this is one of the fastest reactions that could be expected from a large company. The update reached the main Steam client on March 21, and the update description mentions the researcher's name.
“The existence of such a simple error with such serious consequences in such a popular software platform in 2018 is surprising and should encourage security researchers to find vulnerabilities and report them!” wrote Court.