Minecraft: Java Edition Has a Security Vulnerability- But Thankfully It’s Fixable
Minecraft has been around for a while. It’s a good creative outlet for all sorts of entertainment and educational experiences. But with it, there can be problems that arise. In particular, there has been an exploit found in the game that can leave players vulnerable.
This exploit has been ID’ed as CVE-2021-44228, and is known to be a remote code execution. What this means is this Apache Log4j Java-based logging library can take control of other people’s computers without the proper authority, simply by using log messages within the server. In particular, Minecraft: Java Edition is vulnerable to this new online attack method. And this exploit is pretty dangerous, not just for Minecraft. It seems that Amazon, Twitter, Apple, and many more online service providers are highly vulnerable to this exploit. This is because while Java isn’t really used for users, enterprise applications like those mentioned above still use Java. But Steam is apparently okay, as they’ve already patched up that problem.
All is not lost when it comes to Minecraft, thankfully. Whether playing or hosting a server, it is possible to protect yourself. If using Apache, it’s possible to simply go for the latest update to patch the vulnerability; the same for Mojang, if that’s what’s being used. Even those who do not want to upgrade, or can’t for various reasons either remove JndiLookup class from the classpath or set “log4j2.formatMsgNoLookups” to “true”.
Player safety is the top priority for us. Unfortunately, earlier today we identified a security vulnerability in Minecraft: Java Edition.
The issue is patched, but please follow these steps to secure your game client and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf
— Minecraft (@Minecraft) December 10, 2021
There’s already the rush to fix this problem, which is a great thing. But, if users don’t stay vigilant, this could become a problem that arises in the following weeks or even months later. As it is, there are fears by Security firms that the vulnerability has already been exploited.
If you think you have been attacked in Minecraft with this exploit, it is strongly suggested to report this with a report ticket.