Security News > 2021 > April > CS:GO, Valve Source games vulnerable to hacking using Steam invites
A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players.
Exceptions are games built with Source 2 or those that run a modified version of the Source engine, like Titanfall.
Among the games affected is CS:GO, whose latest update was on March 31.
In a conversation with BleepingComputer, Florian said that CS:GO still had the vulnerable Source code on April 10th and the bug could be exploited to run arbitrary code on a machine running the game.
The last Florian heard from Valve was about six months ago, when Valve paid him a bounty and said that it was in the process of fixing the problem, and that it had addressed it in one specific game using the Source engine.
Florian is a member of the Secret Club, a non-profit group of reverse engineers who complained on Twitter over Valve taking so long to address the issue in all games.