Valve patched Steam bugs that could have allowed hackers to take over PCs

Some third-party games may still be at risk.

Igor Bonifacic / Engadget

Valve has dodged what could have been a potentially nasty cheating situation for Steam users. Check Point Research found four vulnerabilities within the company’s Steam Sockets network library. The library is included as part of a networking plugin Valve offers to other studios. Had Valve not patched the vulnerabilities, Check Point claims someone could have exploited them to remotely crash your games of Counter-Strike: Global Offensive, Dota 2 and any other title that depends on Steam Sockets for matchmaking. In some instances, Check Point says those same vulnerabilities could have allowed someone to take over your computer remotely.

When it comes to third-party games specifically, the firm found a single vulnerability that could have allowed a hacker to take over an entire game server, and hijack the computers of everyone connected to that server.

Once Check Point informed Valve of the issue in September, the studio updated its games three weeks later and relayed the firm’s findings to third-party developers. We’ve reached out to the company for comment and more information, and we’ll update this article when we hear back from Valve.

If you use Steam to play CS:GO, Dota 2 and other Valve-developed games, you don’t have to take any additional steps to protect yourself. When it comes to any third-party games, Check Point suggests checking to see if they’ve been updated recently. There are a couple of ways you can do that. The easiest is to click on the “Downloads” section at the bottom of Steam’s interface. That will let you see any updates you may have recently downloaded. If you tap on the “View News” link next to any one of the games listed there, you’ll find your way to the Steam News Hub. From there, you can search for coverage on a specific title in your library, and filter for news on content updates only. If a game you play online frequently hasn’t been updated recently, Check Point suggests reaching out to the developer to find out what’s happening.