Valve has finally fixed a security vulnerability in Counter-Strike: Global Offensive that could be used by hackers to gain remote control of a player’s PC – an issue the company had reportedly known about for two years by the time its existence was publicised last week.
News of the exploit was circulated in a tweet by not-for-profit reverse-engineering group The Secret Club. It explained one of its members, Florian, had contacted Valve two years prior to report a remote code execution flaw which made it possible for a hacker to take over a target’s PC by tricking them into accepting a Counter-Strike: Global Offensive Steam invite.
Although the exploit – one of several vulnerabilities reported to Valve by Secret Club members – had the potential to affect any game utilising Source Engine, The Secret Club stressed only CS:GO was still verifiably at risk. “We cannot say for sure if and when things have been patched in other games throughout the time without us being notified about it,” it wrote.
Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it. pic.twitter.com/0FWRvEVuUX
— secret club (@the_secret_club) April 10, 2021
To see this content please enable targeting cookies.
Following The Secret Club’s post, others began sharing stories of reporting bugs to Valve and receiving no response. As Florian put it in conversation with Vice’s Motherboard, “Valve’s response has been a complete disappointment right from the start. Our experience has always been slow response times, with little to no patches being pushed to production. They truly don’t care about the security and integrity of their games.”