STORE COMMUNITY ABOUT SUPPORT
Login Store Community Support
View desktop website
© Valve Corporation. All rights reserved. All trademarks are property of their respective owners in the US and other countries.
Howdy, just wanted to make clear something to avoid confusion among all of you. Maybe you didn't noticed but we released a large update a few days ago that fixes all the infamous security holes and also brings the most recent version of Source engine to our game. Happy fragging and pass the whiskey.
The second part of this brief news is dedicated to our upcoming update to commemorate Halloween. There will be Halloween themed maps as past year and a special 32 slot shootout-alike game mode featuring ghost and a new power-up. I'll just say this. Discuss.
Updated October 10, 2015: Fistful of Frags is already patched so the security issues described below are outdated and therefore shouldn't be taken in consideration.
Howdy partners, maybe you heard about a security hole that affects certain Source engine based games and modifications. You can read about it here.
The attack involves a client machine to download custom content from a server (maps, game textures and sounds). That should be completely safe except there seems to be a way to embed malicious code into these files that is executed thanks to an engine exploit.
To put this in perspective, any image or sound you download from the internet can potentially contain a virus, however such payload is not harmful by itself so it needs to be executed somehow from an external source. That's the problem here, the Source engine is vulnerable so a 2-step infection of this kind is possible. We are hoping a fix from Valve for the base engine functions soon but current state of the game is *safe* as explained below.
I'd like to make clear that one of the main vector attacks involve player sprays / jingles which do not work at all in our game. A related security hole that allowed to run malicious code was patched a month ago in our game, I'm not completely sure there may exist additional holes though so I decided to disallow any custom content download for the upcoming time. While this feature can be turned on again on each client machine, my advice is you leave it as is. This should be completely safe as long you don't install manually custom content from other sources.
Other than that, I'm hoping no one got infected in Fistful of Frags but if you think you did please let us know. I'll keep you posted.
You can use this widget-maker to generate a bit of HTML that can be embedded in your website to easily allow customers to purchase this game on Steam.
Enter up to 375 characters to add a description to your widget:
Copy and paste the HTML below into your website to make the above widget appear
Sign in to add your own tags to this product.