Google’s Open-Source AI Data Center Cooling Design Raises Commoditization Concerns 
Google Gemini Co-Lead Noam Shazeer Leaves for OpenAI Amid AI Talent Race 
SK Hynix Overtakes Samsung as South Korea’s Most Valuable Company 
Apple Signals Product Price Hikes Amid Rising Memory Chip Costs 
Tencent Reviews Marvelous Stake as Gaming Giant Reassesses Global Investment Strategy 
SK Hynix Moves Closer to New York ADR Listing Amid AI Chip Boom 
Meta Pauses Employee Activity Tracking Program Over Data Security Concerns 
Oracle Cuts 21,000 Jobs as AI Reshapes Workforce and Cloud Expansion Accelerates 
Trump’s Quantum Push Lifts IBM Stock as CEO Arvind Krishna Receives White House Praise 
Anthropic AI Model Uncovers Vulnerabilities in Classified U.S. Government Systems During Security Test 
Chinese Social Media Giant Xiaohongshu Eyes Hong Kong IPO at Over $70 Billion Valuation 
Qualcomm Nears $4 Billion Acquisition of AI Chip Startup Modular 
It was recently reported that a recent Steam update carried a security patch aimed at addressing a vulnerability that had been present for 10 years.
Valve’s digital distribution platform, Steam, received a client update last March 21 to which more fixes were added the following month. Users might have thought that this was a regular update like the previous ones that arrived. But security researcher Tom Court revealed in a blog that the said client update had more importance to it than most Steam customers initially thought.
Reports picked up Court’s blog where it was explained that a remote code execution vulnerability had been lurking around the Steam Client for at least the last 10 years, exposing over 125 million users to a cyber disaster waiting to happen. Luckily, Valve already came up with a fix and Steam customers have fewer things to worry about as long as they have the latest version of the Steam Client.
In fact, Valve gave Court a shoutout in the patch notes of the March 21 client update. The company said: “Fixed a crash when packets in a UDP connection were malformed in a particular way. Thanks to Tom Court from Context Information Security for reporting this issue.”
In Court’s blog post, he explained, “At its core, the vulnerability was a heap corruption within the Steam client library that could be remotely triggered, in an area of code that dealt with fragmented datagram reassembly from multiple received UDP packets."
The security researcher also uploaded a video to show how the vulnerability could have been exploited. Simply put, had the security flaw been found by attackers, they could easily take control of a target’s computer. In Court’s sample, he showed how the vulnerability allowed him to remotely control a computer’s calculator software.
Meanwhile, Valve maintains that they did not find any indication that the decade-old security issue was exploited before they rolled out the needed patch.
