[ad_1]
Swedish online game developer Mojang Studios has launched an emergency Minecraft safety replace to handle a important bug within the Apache Log4j Java logging library utilized by the sport’s Java Version consumer and multiplayer servers.
The vulnerability is fastened with the discharge of Minecraft: Java Version 1.18.1, which is now rolling out to all clients.
“This launch fixes a important safety problem for multiplayer servers, adjustments how the world fog works to make extra of the world seen, and fixes a few different bugs,” the corporate stated at this time.
“If you’re operating a multiplayer server, we extremely encourage you to improve to this model as quickly as potential.”
To improve to the patched model, these utilizing Mojang’s official recreation consumer are suggested to shut all operating recreation and Minecraft Launcher cases and restart the Launcher to put in the patch mechanically.
Avid gamers who use modified Minecraft purchasers and third-party launchers ought to attain out to their third-party suppliers for a safety replace.
These internet hosting their very own Minecraft: Java Version servers must undergo completely different steps relying on the model they’re utilizing, as outlined right here.
Participant security is the highest precedence for us. Sadly, earlier at this time we recognized a safety vulnerability in Minecraft: Java Version.
The problem is patched, however please observe these steps to safe your recreation consumer and/or servers. Please RT to amplify.https://t.co/4Ji8nsvpHf
— Minecraft (@Minecraft) December 10, 2021
Actively exploited unauthenticated RCE vulnerability
The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is a distant code execution (RCE) flaw discovered within the ubiquitous Apache Log4j Java-based logging library and reported by Alibaba Cloud’s safety workforce.
It impacts default configurations of a number of Apache frameworks, together with Apache Struts2, Apache Solr, Apache Druid, and Apache Flink, utilized by numerous enterprise software program merchandise from Apple, Amazon, Cloudflare, Twitter, Steam, and others.
Attackers are already mass scanning the Web [1, 2] for weak methods, and, based on a CERT NZ safety advisory, they’re additionally actively exploiting it within the wild.
This was additionally confirmed by Coalition Director Of Engineering – Safety Tiago Henriques and safety knowledgeable Kevin Beaumont.
Apache has already launched Log4j 2.15.0 to handle this most severity vulnerability. CVE-2021-44228 can be mitigated in earlier releases (2.10 and later) by setting system property “log4j2.formatMsgNoLookups” to “true” or eradicating the JndiLookup class from the classpath.
Safety firm Lunasec underscored the severity of CVE-2021-44228 assaults earlier at this time, saying that “many, many companies are weak to this exploit. Cloud companies like Steam, Apple iCloud, and apps like Minecraft have already been discovered to be weak.”
“Anyone utilizing Apache Struts is probably going weak. We have seen comparable vulnerabilities exploited earlier than in breaches just like the 2017 Equifax knowledge breach,” they added.
[ad_2]
