Translate News 🙂

Source Engine games have a vulnerability that can provide anyone with access to your PC

Wallhacks, Aimbots and other forms of cheat software is big business these days, which has forced the industry to renew its focus on combating cheaters.

Except for Valve, apparently. The Dota 2 and CS:GO maker has been reportedly sitting on a massive Source Engine vulnerability for the past two years.

This report comes courtesy of The Secret Club, a "not-for-profit reverse-engineering group" that looks into publicly available software and publishes vulnerabilities under the expectation that the software developer fixes those vulnerabilities. Recently, the group posted a video on Twitter showing how someone can gain remote access to someone else's computer just by exploiting that Source Engine vulnerability.

The specifics of the vulnerability were not disclosed, but The Secret Club did make it clear that on the victim's end, all they need to do is accept an invitation to play a Source Engine game on Steam. After that, the hacker has full access to the victim's PC to do with as they please.

The Secret Club is also saying that Valve is preventing them from publishing the details of this vulnerability even though they've known about it for two years. And if they've known about it that long, then it's a certainty that less scrupulous hackers know about it too.

On top of that, Valve still hasn't fixed the exploit themselves even though The Secret Club told them about it years ago.



We strongly recommend that you only accept invitations from people you know.