Wednesday 21 August 2019
A second zero-day vulnerability has been publicly disclosed in the Steam gaming client by security researcher Vasily Kravets after he said he was banned from its bug-bounty program. The revelations come two weeks after another zero-day previously disclosed by Kravets and researcher Matt Nelson was disputed by Valve, Steam’s parent company. The flaw (CVE-2019-14743), which affects Windows versions of the client, concerns a privilege escalation (aka elevation of privilege or local privilege escalation) bug that makes it possible for other apps, and potentially malware, on a user’s computer to run code with system privileges. As a result, a threat actor could…
This story continues at The Next Web
