  • Steam Client Zero-Day Disclosed


    This topic contains 1 reply, has 1 voice, and was last updated by  Kirsty 1 month ago.

    • #1915252 Reply

      Kirsty
      Da Boss

      Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty
      EoP bug now free for the world to see after bounty was rejected

      By Shaun Nichols | August 22, 2019

       
      A security bod angry at Valve’s handling of bug reports has disclosed in public a zero-day vulnerability affecting the games giant’s flagship Steam app.

      Russia-based bug-hunter Vasily Kravets said that he was releasing details of the flaw, an elevation-of-privilege hole, after a series of poor interactions with Valve led to him getting banned from Valve’s bug bounty program, run by HackerOne.

       
      Read the full article here

      CVE-2019-14743

      1 user thanked author for this post.
    • #1916961 Reply

      Kirsty
      Da Boss

      Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program

      Valve gets heavily criticized for mishandling a crucial bug report.

      By Catalin Cimpanu | August 21, 2019

       
      A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

      However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn’t do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform.
       

      Read the full article here

       

       
      Valve patches recent Steam zero-days, calls turning away researcher ‘a mistake’

      Valve also updates bug bounty rules to prevent similar incidents from happening again.

      By Catalin Cimpanu | August 22, 2019

       
      Gaming giant Valve has called turning away a security researcher who reported a vulnerability in the company’s Steam gaming client “a mistake.”

      A Valve representative told ZDNet in an email today that the company has shipped fixes for the Steam client, updated its bug bounty program rules, and is reviewing the researcher’s ban on its public bug bounty program.

       
      Read the full article here

      2 users thanked author for this post.
