This comes from Reddit, was posted about 3 hours ago. And yes, I did a better search this time...
The "secret club", a known group of alleged white hats hackers and cybersecurity professionals claims that Valve has yet to patch an RCE that happens through friends invites on Source Engine games.
The vulnerability was reported back in 2018 but the group reports Valve still hasn't patched it and that it is still exploitable to this day.
A NIST CVE report is now being created it appears: https://cve.report/CVE-2021-30481
https://twitter.com/search?src=sprv&q=CVE-2021-30481
HN link: https://news.ycombinator.com/item?id=26762170
It's a good day to sandbox the Steam Client and the games running in there. Or at least limit invites to you friends only.
This affects all Windows steam clients - Windows, Windows client under wine in Linux) running a Source Engine game.
Please be careful accepting friend invites.
The "secret club", a known group of alleged white hats hackers and cybersecurity professionals claims that Valve has yet to patch an RCE that happens through friends invites on Source Engine games.
The vulnerability was reported back in 2018 but the group reports Valve still hasn't patched it and that it is still exploitable to this day.
A NIST CVE report is now being created it appears: https://cve.report/CVE-2021-30481
https://twitter.com/search?src=sprv&q=CVE-2021-30481
HN link: https://news.ycombinator.com/item?id=26762170
It's a good day to sandbox the Steam Client and the games running in there. Or at least limit invites to you friends only.
This affects all Windows steam clients - Windows, Windows client under wine in Linux) running a Source Engine game.
Please be careful accepting friend invites.
Last edited: