During the software development process, depending on the way the software has been coded, it can leave itself open to exploits by hackers who are familiar with the coding process and know how to take advantage of the system’s weakness. No software is ever perfect, although ideally bugs should be discovered and patched quickly.
Unfortunately for Valve’s Steam desktop client, it appears that the software had a particularly nasty bug that existed for the past 10 years, a bug which if exploited would have allowed hackers to take over the person’s PC. This was discovered by Context’s Tom Court (via Gizmodo) who penned a lengthy and detailed blog post about the issue.
According to Court, the problem was only addressed back in July last year when Valve compiled their code with modern exploit protections enabled. However he claims that even with these protections, the bug could still be exploited and cause the client to crash, which we guess isn’t as bad as taking over a computer completely, but definitely not ideal.
However the good news is that Valve has since fixed it properly earlier this February where it was pushed to the stable branch in March where the company thank Court in their release notes. It is unclear as to whether or not there have been any victims as a result of this bug, but Court has uploaded a video that shows the exploit in action.