Steam Flaws Can Cause Hackers to Crash Your PC or Mac — What You Need To Know

Steam Flaws Can Cause Hackers to Crash Your PC or Mac — What You Need To Know

Steam's desktop client for Windows, macOS, and Linux is generally a fairly secure program, but even the most secure programs can have devastating holes in their security [Researchers discovered four dangerous vulnerabilities in Valve's gaming platform back in September The bad news is that these flaws could compromise your multiplayer matches, or even your entire computer The good news is that we already have patches to fix them

In September, Check Point, a Tel Aviv-based cybersecurity firm, discovered four potentially very troubling vulnerabilities in Steam Specifically, they were flaws in Steam Sockets, a toolkit used by many third-party developers to keep online games running smoothly on Steam

Believe it or not, you won't need to install a new patch to protect yourself from these flaws This is because you probably already have them installed [Check Point alerted Valve to the vulnerabilities in September, and Valve applied the patches two weeks later Both companies said nothing for such a long time after Check Point revealed the vulnerability to ensure that malicious parties could not take advantage of it

Steam's desktop client software on Windows, Mac, and Linux automatically applies the patch; unless you specifically instruct Steam's desktop client software not to download and install the update Unless you have specifically instructed your Steam desktop client software not to download and install updates (which has resulted in having to play all games in offline mode for the past three months), you should already have the necessary fixes installed

Nevertheless, if you haven't launched Steam in the meantime, it would be worthwhile to launch the desktop program and install the latest version

Without going into technical details, the severity of the flaw ranges from "high" to "critical" and could theoretically compromise a game or computer without any input from the victim [An attacker could simply join a multiplayer server and send malicious code directly to the end user The user has no choice but to accept it It is easy to crash a match mid-match this way, and somewhat more difficult to hijack a computer, but still within the realm of possibility

Fortunately, there is not much risk involved with this particular flaw anymore, since the patch was released three months ago and Steam games require an update before they can be played online

Even better, there is no indication that these flaws have been exploited This is a perfect example of security companies and software providers working together to fix problems before they pose a direct threat to end users

On the other hand, it is also a good reminder that even large, popular, and secure programs like Steam often have flaws lurking deep within their code This is probably not the last Steam vulnerability that researchers will discover

Categories