Russian security researcher Vasily Kravets has found a security vulnerability in the Steam Windows client which could allow malicious developers to infect users’ PCs.
Kravets said the exploit allows any program to run with the highest possible rights on the host system, theoretically allowing developers to run malicious software on host computers without any impediment.
This security flaw was reported to Valve on 15 June 2019, but the company has opted not to patch the vulnerability in its latest updates.
As Valve has not yet patched this vulnerability in its Steam platform, it remains possible for developers to infect host devices through software updates or game installs.
This may not be an issue for games downloaded from major developers or publishers, but the vast amount of content from independent developers on the Steam Store should leave users wary of downloading software from unknown sources through the platform.