Microsoft warns ‘Minecraft’ Java players of security vulnerability

The latest version already contains a fix

Microsoft and Mojang have warned players using Minecraft Java Edition of a severe security vulnerability that requires an update to fix.

The security vulnerability is contained within the Minecraft chatbox and allows malicious users to inject code through it. These messages can be used to take control of servers without the correct access or authority. Mojang and Microsoft are aware of the issue and have updated Minecraft Java Edition to prevent the problem, but warn players to ensure they use the latest version by manually updating their clients and servers.

“Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition,” The official Minecraft Twitter account said.

Advertisement

“The issue is patched, but please follow these steps to secure your game client and/or servers.”

Marcus Hutchins of MalwareTech explained the issue in a series of tweets. “This log4j (CVE-2021-44228) vulnerability is extremely bad. Millions of applications use Log4j for logging, and all the attacker needs to do is get the app to log a special string. So far iCloud, Steam, and Minecraft have all been confirmed vulnerable.”

“In the case of Minecraft, attackers were able to get remote code execution on Minecraft Servers by simply pasting a short message into the chatbox.”

The issues are not known to be present in the Bedrock version of Minecraft for Windows 10 and 11 or the console versions.

Advertisement

In other news, Grand Theft Auto V Online is receiving a new radio station with brand new music later this week. The station will be called MOTOMAMI Los Santos and will feature music from artists such as Caroline Polachek to Daddy Yankee, Mr. Fingers, and Aventura. Two existing stations will also be getting revamped with new music.

 

Advertisement
Advertisement