Minecraft: Java Edition Has a Security Vulnerability- But Thankfully Itโs Fixable
Minecraft has been around for a while. Itโs a good creative outlet for all sorts of entertainment and educational experiences. But with it, there can be problems that arise. In particular, there has been an exploit found in the game that can leave players vulnerable.
This exploit has been IDโed as CVE-2021-44228, and is known to be a remote code execution. What this means is this Apache Log4j Java-based logging library can take control of other peopleโs computers without the proper authority, simply by using log messages within the server. In particular, Minecraft: Java Edition is vulnerable to this new online attack method. And this exploit is pretty dangerous, not just for Minecraft. It seems that Amazon, Twitter, Apple, and many more online service providers are highly vulnerable to this exploit. This is because while Java isnโt really used for users, enterprise applications like those mentioned above still use Java. But Steam is apparently okay, as theyโve already patched up that problem.
All is not lost when it comes to Minecraft, thankfully. Whether playing or hosting a server, it is possible to protect yourself. If using Apache, itโs possible to simply go for the latest update to patch the vulnerability; the same for Mojang, if thatโs whatโs being used. Even those who do not want to upgrade, or canโt for various reasons either remove JndiLookup class from the classpath or set โlog4j2.formatMsgNoLookupsโ to โtrueโ.
Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.
The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf
โ Minecraft (@Minecraft) December 10, 2021
Thereโs already the rush to fix this problem, which is a great thing. But, if users donโt stay vigilant, this could become a problem that arises in the following weeks or even months later. As it is, there are fears by Security firms that the vulnerability has already been exploited.
If you think you have been attacked in Minecraft with this exploit, it is strongly suggested to report this with a report ticket.