From bleepingcomputer.com
Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored.
Security researchers Matt Nelson and Vasily Kravets both recently discovered the same vulnerability in the widely used Steam Client software and were told that Valve would not be fixing it because it was “out of scope” of their vulnerability reporting program.