A critical bug in Valve’s game engine has been demonstrated by a security researcher to allow hackers to take control of their victims’ computers. All the attacker needs to do is trick their victims into clicking a Steam invite link to play Counter Strike: Global Offensive (CS:GO).
Even more worryingly, the security researcher, known as "Florian" told Motherboard, said that the bug can be used to develop a worm-like exploit to infect other machines.
The vulnerability isn’t game-specific, but rather exists in the Source game engine that’s used by several popular games including CS:GO, Team Fortress 2, Dota 2, and Postal III among others.
- Here's our choice of the best malware removal (opens in new tab) software on the market
- These are some of the best endpoint protection software (opens in new tab)
- Also take a look at the best firewall apps and services (opens in new tab)
Slow to respond
Florian said he brought the vulnerability to Valve’s attention as part of the company’s bug bounty program back in 2019. And while the bug has been rendered ineffective on virtually all Source-powered games, it still mysteriously exists in CS:GO.
"I am honestly very disappointed because they straight up ignored me most of the time," said Florian.
While Valve didn’t return Motherboard’s request for comments, Carl Schou, founder of a not-for-profit group of security researchers called Secret Club, pointed out two other vulnerabilities that Valve failed to acknowledge even after being informed several months ago.
"Valve's response has been a complete disappointment right from the start,” Schou told Motherboard, adding that slow response times have been the hallmark of the group’s past interactions with the popular gaming publisher and distributor.
- Protect your devices with these best antivirus software (opens in new tab)
Via: Motherboard (opens in new tab)
