Steam Security Vulnerability Fixed, Researchers Don’t Agree



Valve has pushed out a fix for a zero-day Steam Client local privilege escalation (LPE) vulnerability, but researchers say there are still other LPE vulnerabilities that are being ignored.

Security researchers Matt Nelson and Vasily Kravets both recently discovered the same vulnerability in the widely used Steam Client software and were told that Valve would not be fixing it because it was “out of scope” of their vulnerability reporting program.

Read more…