  • Steam Client Zero-Day Disclosed

      • #1915252 Reply
        Kirsty
        Da Boss

        Disgruntled bug-hunter drops Steam zero-day to get back at Valve for refusing him a bounty
        EoP bug now free for the world to see after bounty was rejected

        By Shaun Nichols | August 22, 2019

         
        A security bod angry at Valve’s handling of bug reports has disclosed in public a zero-day vulnerability affecting the games giant’s flagship Steam app.

        Russia-based bug-hunter Vasily Kravets said that he was releasing details of the flaw, an elevation-of-privilege hole, after a series of poor interactions with Valve led to him getting banned from Valve’s bug bounty program, run by HackerOne.

         
        Read the full article here

        CVE-2019-14743

        1 user thanked author for this post.
      • #1916961 Reply
        Kirsty
        Da Boss

        Researcher publishes second Steam zero day after getting banned on Valve’s bug bounty program

        Valve gets heavily criticized for mishandling a crucial bug report.

        By Catalin Cimpanu | August 21, 2019

         
        A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks.

        However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn’t do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform.
         

        Read the full article here

         

         
        Valve patches recent Steam zero-days, calls turning away researcher ‘a mistake’

        Valve also updates bug bounty rules to prevent similar incidents from happening again.

        By Catalin Cimpanu | August 22, 2019

         
        Gaming giant Valve has called turning away a security researcher who reported a vulnerability in the company’s Steam gaming client “a mistake.”

        A Valve representative told ZDNet in an email today that the company has shipped fixes for the Steam client, updated its bug bounty program rules, and is reviewing the researcher’s ban on its public bug bounty program.

         
        Read the full article here

        2 users thanked author for this post.