Valve Has Yet to Patch a 2-Year-Old Source Engine Vulnerability

A cybersecurity group known as Secret Club has reported on Twitter about a vulnerability in the Source 3D game engine, developed by Valve. According to the experts, the discovered bug allows for remote code execution.

This vulnerability affects many of Valve’s gaming projects, and researchers say they informed the developer about the issue nearly two years ago. However, the latest release of Counter-Strike: Global Offensive (CS:GO) still contains this bug. Other affected games include Half-Life, Half-Life 2, Garry’s Mod, Team Fortress, Left 4 Dead, and Portal.

Secret Club experts are frustrated that they cannot publish technical details, as there is still no patch available. One of the researchers who reported the bug stated that the vulnerability remains relevant to this day. This means a potential attacker could run malicious code on players’ computers.

To exploit the vulnerability, it is enough to send the victim a game invitation on the Steam platform. The specialists explained more in a video.