One of Valve’s most popular games, Counter-Strike: Global Offensive or CS:GO, has been around for nearly a decade now. However, for over a year, the developers have not bothered to fix a security flaw of the game, allowing hackers to take control of a player’s PC.
According to a report, the Secret Club, an ethical hacking collective, identified a serious security flaw with the game, allowing an attacker to misusing the invite mechanism of the Steam service. The flaw apparently exists in the ‘Source’ engine, which was created by Valve and is used in some of its popular games such as Half Life, and CS:GO. A demonstration of the exploit was also published by the group on their YouTube channel.
The report further mentions that Florian, a student and member of the Secret Club, in 2019 reported about the vulnerability to Valve via company’s bud bounty program. While the bounty was paid by the company, they are yet to fix the flaw in the game’s engine, meaning the other games that run on the same Source engine are also affected, with few exceptions. To take control of the victim’s computer, the bug exploits a remote code execution flaw in the Source engine.
However, the game which was updated on March 31st, still have the flaw, according to the published record, meaning that the researchers are still not able to disclose the vulnerability to the public, as quite a few games could be affected without a fix from Valve.