A bypass for a recent Steam vulnerability that could allow malware or a local attacker to gain admin privileges has been disclosed on Twitter. This new method allows an attacker to bypass the fix created by Steam and exploit the vulnerability again. The researchers disclosed how to exploit this vulnerability after Valve refused to fix it because it was outside the scope of their bug bounty program. Steam disputed it as a vulnerability because Steam’s “threat model excludes “”Attacks that require physical access to the user’s device”” and “”attacking that require the ability to drop files in arbitrary locations”””
Source: https://www.bleepingcomputer.com/news/security/steam-security-saga-continues-with-vulnerability-fix-bypass/

